I'm confused. It doesn't look like the ciphers the vulnerability is citing
are allowed in the java.security file on this system. We're getting
flagged for:
hmac-md5
hmac-md5-96
hmac-sha1-96
Settings are:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
Am I missing this, not a java security expert by any means... Thanks!
On Monday, August 24, 2020 at 11:09:43 AM UTC-6 [email protected] wrote:
> Yes, configuring the ciphers accepted by your JDK edit the
> file lib\security\java.security (the path will vary based on your Java
> version)
>
> El lunes, 24 de agosto de 2020 a las 16:48:22 UTC+2, [email protected]
> escribió:
>
>> Hi all! I'm getting hit by my secuity team for a vulnerability for the
>> Jenkins CLI via ssh allowing the following weak ciphers:
>>
>> hmac-md5
>> hmac-md5-96
>> hmac-sha1-96
>>
>> Is there a way to configure ciphers accepted for the Jenkins CLI?
>>
>> Thanks,
>> Eric
>>
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/cd72f7b2-5aa3-4e6e-96da-579cb50b43e3n%40googlegroups.com.
