Closed: Fixed None Opened 9 years ago by mharmsen.

'tomcatjss' is currently utilized by 'pki-ca', 'pki-kra', 'pki-ocsp', and 'pki-tks'. Examination of the code revealed that DES ciphers populated to 'server.xml' for 'pki-ca', 'pki-kra', 'pki-ocsp', and 'pki-tks' per 'pkiparser.py'/'pkicreate' include:


    NOTE: '-' in front of cipher means explicitly disabled,
          '+' in front of cipher means explicitly enabled

Consider disabling '+SSL3_RSA_WITH_DES_CBC_SHA' as '-SSL3_RSA_WITH_DES_CBC_SHA' in 'pkiparser.py' and 'pkicreate'.

This ticket was extracted from https://fedorahosted.org/pki/ticket/700 - TRAC Ticket #700 - Disable all DES-based ciphers.

checked into master:

  • 443bffbe31971a66ce7b83c3f447057957b121cb

Metadata Update from @mharmsen:
- Issue assigned to mharmsen
- Issue set to the milestone: 10.1 - 08/13 (August)

5 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.