Seems in Java 7 the ciphers for 128+ are the default. In Java 6 when no cipher suite filter I see a few < 128bit but with java 7 those ones disappeared.
Sent from my Android phone On 10/10/2013 12:57 PM, "Jason Pell" <[email protected]> wrote: > Agree 100% not a cxf issue thought we might have a recommended set for max > security. We had some pen testing highlight some weak ciphers and I wanted > to see if the task of removing weak ciphers had already been done :-) > > Lazy I know but figured it did not hurt to ask. > > SSL beast vulnerability to CBC was reason I asked also > > Thanks heaps for your replies > > Sent from my Android phone > On 10/10/2013 10:49 AM, "Dennis Sosnoski" <[email protected]> wrote: > >> Oh, but if you want to switch to the IBM JVM it looks like they've >> supported GCM since Java 6, in the default disabled list of suites: >> http://publib.boulder.ibm.com/**infocenter/javasdk/v6r0/index.** >> jsp?topic=%2Fcom.ibm.java.**security.component.doc%** >> 2Fsecurity-component%**2Fjsse2Docs%2Fciphersuites.**html<http://publib.boulder.ibm.com/infocenter/javasdk/v6r0/index.jsp?topic=%2Fcom.ibm.java.security.component.doc%2Fsecurity-component%2Fjsse2Docs%2Fciphersuites.html> >> >> - Dennis >> >> On 10/10/2013 12:43 PM, Dennis Sosnoski wrote: >> >>> This is not really a CXF issue, Jason - it's determined by the JSSE >>> (Java Secure Sockets Extension), and AFAIK we're stuck with only CBC for >>> AES encryption. You can see the list of JSSE cipher suites here: >>> http://docs.oracle.com/javase/**7/docs/technotes/guides/** >>> security/SunProviders.html#**SunJSSEProvider<http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider> >>> >>> Incidentally, I just published an article on InfoQ that discusses some >>> of the issues around keeping your data communications secure with some >>> discussion of TLS/SSL: http://www.infoq.com/articles/** >>> keeping-your-secrets<http://www.infoq.com/articles/keeping-your-secrets> >>> >>> - Dennis >>> >>> On 10/10/2013 12:27 PM, Jason Pell wrote: >>> >>>> Hi, >>>> >>>> Is there such a list in the docs for cxf somewhere? >>>> >>>> >>> >>> >>
