holmovie created KARAF-4057:
-------------------------------
Summary: karaf2.4.0 of rmiServerPort = 2098 is not secure, will
get attacked by BIAS, BEAST, NO_PFS.
Key: KARAF-4057
URL: https://issues.apache.org/jira/browse/KARAF-4057
Project: Karaf
Issue Type: Bug
Components: karaf-security
Affects Versions: 2.4.3
Environment: OS:centos6.7
jdk:1.8
Reporter: holmovie
Priority: Critical
We use the script "ssl-cipher-suite-enum.pl" (version 1.0.0) to scan our RMI
server, whose port is 2098. Please check the attachment for details.
I have several questions to ask:
1. How can these attacks (BEAST, BIAS...) be avoided in Karaf 2.4.3?
If yes, what is the solution?
2. If we use the latest Karaf version, could these loopholes be solved or not?