'tomcatjss' is currently utilized by 'pki-ca', 'pki-kra', 'pki-ocsp', and 'pki-tks'. Examination of the code revealed that DES ciphers populated to 'server.xml' for 'pki-ca', 'pki-kra', 'pki-ocsp', and 'pki-tks' per 'pkiparser.py'/'pkicreate' include:
ssl2: -SSL2_DES_64_CBC_WITH_MD5 -SSL2_DES_192_EDE3_CBC_WITH_MD5 ssl3: +SSL3_RSA_WITH_DES_CBC_SHA -SSL_RSA_FIPS_WITH_DES_CBC_SHA NOTE: '-' in front of cipher means explicitly disabled, '+' in front of cipher means explicitly enabled
Consider disabling '+SSL3_RSA_WITH_DES_CBC_SHA' as '-SSL3_RSA_WITH_DES_CBC_SHA' in 'pkiparser.py' and 'pkicreate'.
This ticket was extracted from https://fedorahosted.org/pki/ticket/700 - TRAC Ticket #700 - Disable all DES-based ciphers.
checked into master:
Metadata Update from @mharmsen: - Issue assigned to mharmsen - Issue set to the milestone: 10.1 - 08/13 (August)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1275
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.