zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disable TLS_DHE_DSS_WITH_AES_128_CBC_SHA

Browse Source
This commit is contained in:
zzz
2015-10-17 20:13:03 +00:00
parent abc0f4c720
commit f713a19785
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
core/java/src/net/i2p/util/I2PSSLSocketFactory.java
View File

@@ -204,7 +204,15 @@ public class I2PSSLSocketFactory {
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
// following is disabled because it is weak
// see e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1107787
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
// ??? "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
//
// NOTE:
// If you add anything here, please also add to installer/resources/eepsite/jetty-ssl.xml
//
})); }));
/** /**

2
installer/resources/eepsite/jetty-ssl.xml
View File

@@ -248,6 +248,8 @@
<Item>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</Item> <Item>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</Item> <Item>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</Item> <Item>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
<!-- Please keep this list in sync with the one in I2PSSLSocketFactory -->
</Array> </Array>
</Set> </Set>
</New> </New>