Phillip Odam created PROTOCOLS-99:
-------------------------------------
Summary: supportedCipherSuites not working for startTLS
Key: PROTOCOLS-99
URL: https://issues.apache.org/jira/browse/PROTOCOLS-99
Project: James Protocols
Issue Type: Bug
Components: api
Affects Versions: 1.6.2, 2.0.0, 1.6.3
Reporter: Phillip Odam
Assignee: Eric Charles
Setting the supported cipher suites when startTLS is enabled is not limiting
the available ciphers since the instantiation of the Encryption object always
sets the member enabledCipherSuites to null.
Demonstrate issue:
Add the following to the tls tag in conf/smtpserver.conf
<supportedCipherSuites>
<cipherSuite>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipherSuite>
</supportedCipherSuites>
With the change active, attempting to connect to the server with the following
command will succeed (with a weaker cipher)
openssl s_client -connect mail.server.tld:25 -crlf -starttls smtp -cipher LOW
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
