remove DHE cipher from default list

This commit removes the DHE cipher from our list of enabled ciphers
due to the recently published Logjam attack. The default configuration
is not susceptible to the Logjam attack, but since we support Java 7
the maximum prime size (768 bit) is considered too weak. Java 8 supports
1024 bit primes, but these are also not ideal and this cipher should not be
used with a prime smaller than 2048 bits.

Closes elastic/elasticsearch#862

Original commit: elastic/x-pack-elasticsearch@9785bf47cf
jaymode 2015-05-28 10:42:59 -04:00
parent c01eef8863
commit 44017711e2
1 changed files with 1 additions and 1 deletions


@ -39,7 +39,7 @@ public abstract class AbstractSSLService extends AbstractComponent {
public static final String[] DEFAULT_SUPPORTED_PROTOCOLS = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
static final String[] DEFAULT_CIPHERS = new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" };
static final String[] DEFAULT_CIPHERS = new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" };
static final TimeValue DEFAULT_SESSION_CACHE_TIMEOUT = TimeValue.timeValueHours(24);
static final int DEFAULT_SESSION_CACHE_SIZE = 1000;
static final String DEFAULT_PROTOCOL = "TLS";
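Review bot: The new `DEFAULT_CIPHERS` line drops `TLS_DHE_RSA_WITH_AES_128_CBC_SHA` but leaves no record in the code of why, so a later edit could re-add a DHE suite without knowing about the prime-size constraint described in the commit message. I would put a comment directly above the constant, for example `// DHE suites intentionally excluded: JVM ephemeral DH primes (768 bit on Java 7, 1024 bit on Java 8) are too small; re-add only with >= 2048 bit primes`. With DHE gone, the only remaining forward-secret suite is `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, and it is listed after the two static-RSA suites. If the array order is used as a preference order, which this hunk does not show, moving the ECDHE entry to the front would be worth considering. The hunk covers only a few constants of `AbstractSSLService`, so how the array is consumed cannot be confirmed from here.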