'tomcatjss' is a JSSE module for Tomcat that uses JSS, a Java interface to Network Security Services (NSS). As such, it retrieves its active ciphers via reading them from a Tomcat 7 'server.xml' configuration file. The following DES ciphers are "configurable" for 'tomcatjss' (JSSSocketFactory.java):
ssl2:
  SSL2_DES_64_CBC_WITH_MD5
  SSL2_DES_192_EDE3_CBC_WITH_MD5
ssl3:
  SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA
  SSL3_RSA_WITH_DES_CBC_SHA
  SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
  SSL3_DH_DSS_WITH_DES_CBC_SHA
  SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
  SSL3_DH_RSA_WITH_DES_CBC_SHA
  SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  SSL3_DHE_DSS_WITH_DES_CBC_SHA
  SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  SSL3_DHE_RSA_WITH_DES_CBC_SHA
  SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA
  SSL3_DH_ANON_WITH_DES_CBC_SHA
  SSL_RSA_FIPS_WITH_DES_CBC_SHA
tls:
  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
The remaining portion of the initial description of this ticket was relocated to its own TRAC ticket:
TRAC Ticket #706 - Disable '+SSL3_RSA_WITH_DES_CBC_SHA' as '-SSL3_RSA_WITH_DES_CBC_SHA' in 'pkiparser.py'
'jss' is a Java native interface which provides a bridge for Java-based applications to use native NSS.
'jss' contains a list of cipher suites that are implemented by NSS in 'org/mozilla/jss/ssl/SSLSocket.java'; only cipher suites implemented by NSS are enabled by default.
All Java-based tools utilize JSS as their crypto interface to NSS, and need to be reviewed individually to determine if they contain any DES issues.
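An audit check for the configuration described above, added here as an example and not part of the ticket or of tomcatjss: it lists the DES suites that a Connector in 'server.xml' enables with the '+' prefix. The Connector attribute names and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed attribute names for the Connector cipher lists; adjust them to
# match the attributes actually present in your server.xml.
CIPHER_ATTRS = ("ssl2Ciphers", "ssl3Ciphers", "tlsCiphers", "sslRangeCiphers")

# Matches the DES and DES40 name tokens used by the suites listed in the
# ticket. Names containing "3DES" are deliberately not matched.
DES_RE = re.compile(r"_DES(?:40)?_")

# Constructed sample input, not taken from a real deployment.
SAMPLE = """<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
      ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,+SSL2_DES_64_CBC_WITH_MD5"
      ssl3Ciphers="+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA"
      tlsCiphers="+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"/>
  </Service>
</Server>"""


def enabled_des_ciphers(server_xml_text):
    """Return [(port, attribute, cipher)] for every DES suite enabled with '+'."""
    findings = []
    # server.xml is a local, administrator-owned file, so the stdlib parser is used.
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        for attr in CIPHER_ATTRS:
            for item in conn.get(attr, "").split(","):
                item = item.strip()
                # '+NAME' enables a suite, '-NAME' disables it.
                if item.startswith("+") and DES_RE.search(item):
                    findings.append((port, attr, item[1:]))
    return findings


if __name__ == "__main__":
    for port, attr, cipher in enabled_des_ciphers(SAMPLE):
        print(f"Connector port {port}: {attr} enables {cipher}")
```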
[06/04/2014] - Moving to Milestone 10.2 (June) as this may be addressed by other required tomcatjss work due for RHEL 6.
Moved from Dogtag 10.2 (June) --> Dogtag 10.2 (July).
After discussions, decided to move this to 10.2.3.
Per Dogtag 10.2.X meeting of 01/14/2015: Milestone 10.2 Backlog
Per 10.2.3 TRIAGE meeting of 02/26/2015: 10.3
NOTE: Moved from 10.2 Backlog since it was not a documentation/man page issue.
Metadata Update from @mharmsen:
- Issue assigned to cfu
- Issue set to the milestone: 10.4
Per CS/DS meeting of 04/24/2017: 10.5
Metadata Update from @mharmsen:
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: None
- Issue set to the milestone: 10.5 (was: 10.4)
Metadata Update from @mharmsen: - Issue priority set to: major (was: critical)
[20171025] - Offline Triage ==> 10.6
Metadata Update from @mharmsen: - Issue set to the milestone: 10.6 (was: 10.5)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1269
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)