From 557e2e7053680b6611f312fff132b6eb94c4a8c6 Mon Sep 17 00:00:00 2001 From: kstranacher_eGovL Date: Thu, 11 Oct 2012 13:02:47 +0000 Subject: Update https.cipherSuites git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1299 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../.settings/org.eclipse.wst.common.component | 8 +++-- .../moa/id/auth/MOAIDAuthInitializer.java | 30 +++++++++++++++-- spss/server/serverws/.classpath | 39 ++++++---------------- spss/server/serverws/.project | 4 +-- .../.settings/org.eclipse.wst.common.component | 4 +-- .../org.eclipse.wst.common.project.facet.core.xml | 4 +-- 6 files changed, 49 insertions(+), 40 deletions(-) diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.component b/id/server/idserverlib/.settings/org.eclipse.wst.common.component index a5eb3d4d8..7ea6221a5 100644 --- a/id/server/idserverlib/.settings/org.eclipse.wst.common.component +++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.component @@ -1,7 +1,11 @@ - + + + + + - \ No newline at end of file + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 924e9d643..cf5615a13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -85,9 +85,35 @@ public class MOAIDAuthInitializer { Session session = Session.getDefaultInstance(props, null); // Restricts TLS cipher suites +// System.setProperty( +// "https.cipherSuites", +// "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); +// + // actual HIGH cipher suites from OpenSSL +// Mapping OpenSSL - Java +// OpenSSL Java +// http://www.openssl.org/docs/apps/ciphers.html http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html +// via “openssl ciphers -tls1 HIGH –v” +// +// ADH-AES256-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA +// DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA +// DHE-DSS-AES256-SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA +// AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA +// ADH-AES128-SHA TLS_DH_anon_WITH_AES_128_CBC_SHA +// DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA +// DHE-DSS-AES128-SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA +// AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA +// ADH-DES-CBC3-SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA +// EDH-RSA-DES-CBC3-SHA - +// EDH-DSS-DES-CBC3-SHA - +// DES-CBC3-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA + System.setProperty( - "https.cipherSuites", - "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + "https.cipherSuites", + "TLS_DH_anon_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + + + // load some jsse classes so that the integrity of the jars can be // verified // before the iaik jce is installed as the security provider diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath index c9263c2c9..af4743f8a 100644 --- a/spss/server/serverws/.classpath +++ b/spss/server/serverws/.classpath @@ -1,31 +1,12 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file + + + + + + + + + + diff --git a/spss/server/serverws/.project b/spss/server/serverws/.project index 2c2ea723a..dd934fd1a 100644 --- a/spss/server/serverws/.project +++ b/spss/server/serverws/.project @@ -17,10 +17,10 @@ org.eclipse.wst.validation.validationbuilder - org.maven.ide.eclipse.maven2Builder + org.eclipse.m2e.core.maven2Builder - org.eclipse.m2e.core.maven2Builder + org.maven.ide.eclipse.maven2Builder diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component index 98ab901d4..784056e0f 100644 --- a/spss/server/serverws/.settings/org.eclipse.wst.common.component +++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component @@ -1,13 +1,11 @@ + uses - - - diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml index a801c94a0..df66dd21b 100644 --- a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -2,6 +2,6 @@ - - \ No newline at end of file + + -- cgit v1.2.3