Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-34911

Restrict TLS ciphers supported by servers and clients

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Gone away
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Networking, Security
    • Labels:

      Description

      There are a wide variety of ciphers suites, defined across the TLS RFCs. These suites will specify the hashing algorithm and the asymmetric and symmetric cryptography used in the TLS conversation. Some suites provide useful properties, like Perfect Forward Secrecy.

      The server and shell should restrict themselves to using a limited set of suites which provide PFS, and use modern algorithms which are considered to have wide security margins.

      Below are a set of cipher suites which would be supported.

      Cipher Suites
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              kenneth.white Kenneth White
              Reporter:
              spencer.jackson Spencer Jackson
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              15 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: