[
https://issues.apache.org/jira/browse/KARAF-4057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14962205#comment-14962205
]
Achim Nierbeck commented on KARAF-4057:
---------------------------------------
As no one answers the question, I consider this issue to be trivial and not
critical.
> karaf2.4.0 of rmiServerPort = 2098 is not secure, will get attacked by
> BIAS, BEAST, NO_PFS.
> ---------------------------------------------------------------------------------------------
>
> Key: KARAF-4057
> URL: https://issues.apache.org/jira/browse/KARAF-4057
> Project: Karaf
> Issue Type: Bug
> Components: karaf-security
> Affects Versions: 2.4.3
> Environment: OS:centos6.7
> jdk:1.8
> Reporter: holmovie
> Priority: Trivial
> Attachments: uc2.7_result.txt
>
>
> We use the script “ssl-cipher-suite-enum.pl” (version 1.0.0) to scan our RMI
> server, whose port is 2098; please check the attachment for details.
> I have several questions to ask:
> 1. How can these attacks (BEAST, BIAS...) be avoided in karaf2.4.3?
> If yes, what is the solution?
> 2. If we use the latest karaf version, could these loopholes be solved or
> not?