Agree 100% not a cxf issue thought we might have a recommended set for max security. We had some pen testing highlight some weak ciphers and I wanted to see if the task of removing weak ciphers had already been done :-)
Lazy I know but figured it did not hurt to ask. SSL beast vulnerability to CBC was reason I asked also Thanks heaps for your replies Sent from my Android phone On 10/10/2013 10:49 AM, "Dennis Sosnoski" <[email protected]> wrote: > Oh, but if you want to switch to the IBM JVM it looks like they've > supported GCM since Java 6, in the default disabled list of suites: > http://publib.boulder.ibm.com/**infocenter/javasdk/v6r0/index.** > jsp?topic=%2Fcom.ibm.java.**security.component.doc%**2Fsecurity-component% > **2Fjsse2Docs%2Fciphersuites.**html<http://publib.boulder.ibm.com/infocenter/javasdk/v6r0/index.jsp?topic=%2Fcom.ibm.java.security.component.doc%2Fsecurity-component%2Fjsse2Docs%2Fciphersuites.html> > > - Dennis > > On 10/10/2013 12:43 PM, Dennis Sosnoski wrote: > >> This is not really a CXF issue, Jason - it's determined by the JSSE (Java >> Secure Sockets Extension), and AFAIK we're stuck with only CBC for AES >> encryption. You can see the list of JSSE cipher suites here: >> http://docs.oracle.com/javase/**7/docs/technotes/guides/** >> security/SunProviders.html#**SunJSSEProvider<http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider> >> >> Incidentally, I just published an article on InfoQ that discusses some of >> the issues around keeping your data communications secure with some >> discussion of TLS/SSL: http://www.infoq.com/articles/** >> keeping-your-secrets <http://www.infoq.com/articles/keeping-your-secrets> >> >> - Dennis >> >> On 10/10/2013 12:27 PM, Jason Pell wrote: >> >>> Hi, >>> >>> Is there such a list in the docs for cxf somewhere? >>> >>> >> >> >
