Hello!

 

I am using resin-pro-4.0.41 with Java 7 and the configuration below for
HTTPS in "resin.properties":

 

# JSSE certificate configuration

# Keys are typically stored in the resin configuration directory.

jsse_keystore_type : jks

jsse_keystore_file : keys/server.keystore

jsse_keystore_password : adrs123

 

The following vulnerabilities have been identified in my setup:

 

1. Diffie-Hellman group smaller than 2048 bits
2. Disable Supports RC4 Cipher Algorithms, 3DES Cipher Suite, The Use of Static Key Ciphers, Using Commonly Used Prime Numbers
3. Disable support of SSLv3, TLS 1.0 & TLS 1.1
4. TLS/SSL Server is enabling the POODLE attack --> Has to be disabled
5. TLS/SSL Server is enabling the BEAST attack --> Has to be disabled
6. TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) --> Has to be disabled

 

Please share if there is any configuration to handle these vulnerabilities.

 

Regards,

Abhishek | HP: +91-8130370104 |

Email: abhisheksi...@nmsworks.co.in

NMSWorks Software PVT LTD | #C3, IITM Research Park, Taramani, Chennai,
India - 600113 |

 



_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
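
Added example, not part of the original message and not Caucho's code: a Java 7 compatible check that lists the JVM's default server-side protocols and cipher suites and tags each with the finding number from the list above. The class name `JsseFindingAudit` and the name-matching rules are assumptions made for this example, and the output reflects JVM defaults, not whatever Resin's own configuration overrides.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Added example (not Resin code): flags JVM-default server protocols and cipher
// suites against findings 1-6 above. The name-matching rules are assumptions.
public class JsseFindingAudit {

    static List<String> protocolFindings(String proto) {
        List<String> f = new ArrayList<String>();
        if (proto.equals("SSLv3")) { f.add("3 legacy protocol"); f.add("4 POODLE"); }
        if (proto.equals("TLSv1")) { f.add("3 legacy protocol"); f.add("5 BEAST"); }
        if (proto.equals("TLSv1.1")) f.add("3 legacy protocol");
        return f;
    }

    // legacyCbc: true when SSLv3 or TLSv1 is enabled, where CBC suites matter.
    static List<String> suiteFindings(String suite, boolean legacyCbc) {
        List<String> f = new ArrayList<String>();
        if (suite.contains("_DHE_")) f.add("1 DHE: group size must be checked separately");
        if (suite.contains("_RC4_")) f.add("2 RC4");
        if (suite.contains("_3DES_")) f.add("2 3DES");
        if (suite.startsWith("TLS_RSA_") || suite.startsWith("SSL_RSA_"))
            f.add("2 static RSA key exchange");
        if (suite.contains("_CBC_") && legacyCbc) f.add("4/5 CBC under SSLv3/TLSv1");
        if (suite.contains("_3DES_") || suite.contains("_DES_") || suite.contains("_DES40_"))
            f.add("6 64-bit block cipher (SWEET32)");
        return f;
    }

    static void report(String name, List<String> findings) {
        System.out.println((findings.isEmpty() ? "ok    " : "FLAG  ") + name + "  " + findings);
    }

    public static void main(String[] args) throws Exception {
        // Unbound server socket: reads the JVM's server-side defaults, opens no port.
        SSLServerSocket s = (SSLServerSocket)
                SSLContext.getDefault().getServerSocketFactory().createServerSocket();
        boolean legacyCbc = false;
        for (String proto : s.getEnabledProtocols()) {
            legacyCbc |= proto.equals("SSLv3") || proto.equals("TLSv1");
            report(proto, protocolFindings(proto));
        }
        for (String suite : s.getEnabledCipherSuites()) {
            report(suite, suiteFindings(suite, legacyCbc));
        }
        s.close();
    }
}
```

Run it with the same JVM that starts Resin; a suite name cannot reveal the Diffie-Hellman group size, so finding 1 still needs the scanner to confirm.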
