Colm O hEigeartaigh commented on CAMEL-12262:

Hi [~davsclaus],

I disagree that the documentation states that 3DES is excluded - the filter 
given is "{{.*_DES_.*}}" which only applies to DES. It would be ".*_3DES_.*" if 
it applied to 3DES.

I don't think we need to exclude 3DES as well, it's still considered secure. 
For example it is on the default "enabled" cipher suite algorithms in Java 8:


However, I think maybe we could change how we filter algorithms in general 
starting with the next major release. CXF only applies the default "excludes" 
if there is a corresponding "includes" filter. If there are no filters it just 
uses the JVM defaults, which already exclude the weak algorithms by default in 
recent JDK versions.



> ----------------------------------------------
>                 Key: CAMEL-12262
>                 URL: https://issues.apache.org/jira/browse/CAMEL-12262
>             Project: Camel
>          Issue Type: Task
>          Components: documentation
>            Reporter: Lyubomir
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 2.21.0
> The [official 
> documentation|http://camel.apache.org/camel-configuration-utilities.html] 
> states the default cipher suites exclude filters are:
> {code:java}
> .*NULL.*
> .*anon.*
> .*DES.* Camel 2.15.4 =>Means 3DES **is** excluded
> .*EXPORT.* Camel 2.15.4
> {code}
> The default cipher suite exclude filter declared is:
> {code:java}
> /camel-core/src/main/java/org/apache/camel/util/jsse/BaseSSLContextParameters.java
> {code}
> {code:java}
>     protected static final List<String> DEFAULT_CIPHER_SUITES_FILTER_EXCLUDE =
>         Collections.unmodifiableList(Arrays.asList(".*_NULL_.*", 
> ".*_anon_.*", ".*_EXPORT_.*", ".*_DES_.*"));
> {code}
> According to the documentation 3DES will be excluded by default. Based on the 
> code only DES will be excluded.

This message was sent by Atlassian JIRA

Reply via email to