Loading...

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 13.0.11.Final, 14.0.0.Final
Affects Version/s: 13.0.10.Final, 14.0.0.Final
Component/s: Security, Server
Labels:
None

Git Pull Request:
https://github.com/infinispan/infinispan/pull/10281, https://github.com/infinispan/infinispan/pull/10283

The cipher selection configuration is inadequate for TLS 1.3. We need to distinguish between ciphersuite filters (TLS 1.2 and below) and ciphersuite names (TLS 1.3).
The following is an example:

<security-realm name="default">
         <server-identities>
            <ssl>
               <engine enabled-protocols="TLSv1.3 TLSv1.2" enabled-ciphersuites-filter="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" enabled-ciphersuites-names="TLS_AES_256_GCM_SHA384"/>
            </ssl>
         </server-identities>
      </security-realm>

We should also provide proper defaults for the filters and names.

For filters, we use DEFAULT
For names, we use TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

Assignee:: Tristan Tarrant

Reporter:: Tristan Tarrant

Archiver:: Amol Dongare

Created:: 2022/09/02 12:53 PM

Updated:: 2024/07/12 4:22 PM

Resolved:: 2022/09/08 8:12 AM

Archived:: 2024/11/28 6:21 AM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty