Re: [Resin-interest] Reg. Resin Security Vulnerability

2018-01-17 Thread BUSCH Steffen
Hi,

can you post here:
https://groups.google.com/forum/#!forum/caucho-resin

I could offer you help in a couple of hours or tomorrow.
In the meantime you can already get these Java Cryptography Extension (JCE) 
Unlimited Strength Jurisdiction Policy Files 7.
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Kind regards,
Steffen
From: resin-interest-boun...@caucho.com 
[mailto:resin-interest-boun...@caucho.com] On behalf of Abhishek
Sent: Thursday, 11 January 2018 12:47
To: resin-interest@caucho.com
Subject: [Resin-interest] Reg. Resin Security Vulnerability

Hello!

I am using resin-pro-4.0.41 with Java 7 and using below configuration for https 
configuration in "resin.properties"

# JSSE certificate configuration
# Keys are typically stored in the resin configuration directory.
jsse_keystore_type : jks
jsse_keystore_file : keys/server.keystore
jsse_keystore_password : adrs123

The following vulnerabilities have been identified in my setup:


1.   Diffie-Hellman group smaller than 2048 bits

2.   Disable Supports RC4 Cipher Algorithms, 3DES Cipher Suite, The Use of 
Static Key Ciphers, Using Commonly Used Prime Numbers

3.   Disable support of SSLv3, TLS 1.0 & TLS 1.1

4.   TLS/SSL Server is enabling the POODLE attack --> Has to be disabled

5.   TLS/SSL Server is enabling the BEAST attack --> Has to be disabled

6.   TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) --> Has to 
be disabled

Please share if there is any configuration to handle these vulnerabilities

Regards,
Abhishek | HP: +91-8130370104 |
Email: abhisheksi...@nmsworks.co.in
NMSWorks Software PVT LTD | #C3, IITM Research Park, Taramani, Chennai, India - 600113 |




___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest


[Resin-interest] Reg. Resin Security Vulnerability

2018-01-11 Thread Abhishek
Hello!

I am using resin-pro-4.0.41 with Java 7 and using below configuration for
https configuration in "resin.properties"

# JSSE certificate configuration
# Keys are typically stored in the resin configuration directory.
jsse_keystore_type : jks
jsse_keystore_file : keys/server.keystore
jsse_keystore_password : adrs123

The following vulnerabilities have been identified in my setup:

1.   Diffie-Hellman group smaller than 2048 bits

2.   Disable Supports RC4 Cipher Algorithms, 3DES Cipher Suite, The Use of Static Key Ciphers, Using Commonly Used Prime Numbers

3.   Disable support of SSLv3, TLS 1.0 & TLS 1.1

4.   TLS/SSL Server is enabling the POODLE attack --> Has to be disabled

5.   TLS/SSL Server is enabling the BEAST attack --> Has to be disabled

6.   TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) --> Has to be disabled

Please share if there is any configuration to handle these vulnerabilities

Regards,
Abhishek | HP: +91-8130370104 |
Email: abhisheksi...@nmsworks.co.in
NMSWorks Software PVT LTD | #C3, IITM Research Park, Taramani, Chennai, India - 600113 |

 



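To see which of the reported findings come from the JVM's JSSE defaults, and whether the JCE policy files mentioned in the reply are in effect, a check like the following can be run with the same Java runtime that starts Resin. It is an added example, not part of the original thread and not Caucho's code; the class name JsseAudit is hypothetical, and it reports JVM defaults only, not any protocol or cipher settings Resin applies on top of them.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Added example (hypothetical class): maps the JVM's default server-side JSSE
// settings onto the scanner findings listed in the thread.
public class JsseAudit {
    // Findings 3-5: SSLv3 (POODLE) and TLS 1.0 (BEAST), plus TLS 1.1.
    static final List<String> WEAK_PROTOCOLS = Arrays.asList("SSLv3", "TLSv1", "TLSv1.1");

    // Returns the finding a JSSE cipher suite name matches, or null if none applies.
    static String weakness(String suite) {
        if (suite.contains("_RC4_")) return "RC4";
        if (suite.contains("_3DES_") || suite.contains("_DES_")) return "64-bit block cipher (SWEET32)";
        if (suite.startsWith("TLS_RSA_") || suite.startsWith("SSL_RSA_")
                || suite.contains("_DH_") || suite.contains("_ECDH_")) return "static key exchange";
        if (suite.contains("_DHE_")) return "DHE: confirm the group is at least 2048 bits";
        return null;
    }

    // Collects one line per enabled protocol or suite that matches a finding.
    static List<String> audit(String[] protocols, String[] suites) {
        List<String> findings = new ArrayList<String>();
        for (String p : protocols) {
            if (WEAK_PROTOCOLS.contains(p)) findings.add("protocol " + p + " is enabled");
        }
        for (String s : suites) {
            String why = weakness(s);
            if (why != null) findings.add("suite " + s + ": " + why);
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // 128 = default limited policy; Integer.MAX_VALUE = unlimited policy files installed.
        System.out.println("Max AES key length: " + Cipher.getMaxAllowedKeyLength("AES"));
        // Prints null if this runtime does not define the property.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        // An unbound server socket exposes the server-mode defaults without listening.
        try (SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket()) {
            for (String f : audit(socket.getEnabledProtocols(), socket.getEnabledCipherSuites())) {
                System.out.println(f);
            }
        }
    }
}
```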