Details

    • Sub-task
    • Resolution: Obsolete
    • Critical
    • 10.1.0.CR1, 10.1.0.Final
    • JBoss AS7 7.1.1.Final
    • Security
    • None

    Description

      We encountered the following problem: information security management found a vulnerability on a production environment, namely:

      SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability port 8443/tcp over SSL
      RC4-SHA ECDHE-RSA-DES-CBC3-SHA SSLv3

      They offer a solution:
      This attack was identified in 2004 and later revisions of TLS protocol which contain a fix for this. If possible, upgrade to TLSv1.1 or TLSv1.2. If upgrading to TLSv1.1 or TLSv1.2 is not possible, then disabling CBC mode ciphers will remove the vulnerability. Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability.

      As we cannot upgrade TLS, what remains is disabling CBC mode ciphers.

      Our platform is jboss-eap-6.1.

          People

            darran.lofthouse@redhat.com Darran Lofthouse
            jermby_jira Aleksandr Voloschuk (Inactive)