  1. OpenNMS
  2. NMS-7812

Some weak cipher suites allowed in example jetty.xml HTTPS config

Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Meridian-2015.1.0, 16.0.2
    • Fix Version/s: 16.0.3, Meridian-2015.1.1
    • Component/s: Web UI - General
    • Security Level: Default (Default Security Scheme)
    • Labels: None
    • Environment: Any system where the jetty.xml file has been copied from {{OPENNMS_HOME/etc/examples}} into {{OPENNMS_HOME/etc}} and the HTTPS section uncommented

    Description

      A PCI-DSS audit scan found two weak DH cipher suites are allowed in this configuration which permit ephemeral keys smaller than 1024 bits.

      Adding the following items to the list of excluded cipher suites addresses the problem:

      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA

      Support ticket: https://mynms.opennms.com/Ticket/Display.html?id=3931
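
The following check is an added example, not code from the issue or from OpenNMS: it parses a Jetty-style XML configuration and reports which of the two suites named above are absent from an `ExcludeCipherSuites` list. The sample XML is constructed, and the script assumes the list uses Jetty's `<Set name="ExcludeCipherSuites">` with `<Item>` entries and compares exact suite names only (patterns are not evaluated).

```python
import xml.etree.ElementTree as ET

# The two suites the issue says must be added to the exclude list.
REQUIRED_EXCLUSIONS = (
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
)

# Constructed sample, not the shipped OpenNMS file: a Jetty-style
# SslContextFactory block whose exclude list lacks one of the two suites.
SAMPLE_JETTY_XML = """\
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="ExcludeCipherSuites">
      <Array type="java.lang.String">
        <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
        <Item> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA </Item>
      </Array>
    </Set>
  </New>
</Configure>
"""


def excluded_suites(xml_text):
    """Return one set of excluded suite names per ExcludeCipherSuites list."""
    root = ET.fromstring(xml_text)
    lists = []
    for node in root.iter("Set"):
        if node.get("name") == "ExcludeCipherSuites":
            names = {(item.text or "").strip() for item in node.iter("Item")}
            lists.append(names - {""})  # ignore empty <Item/> entries
    return lists


def missing_exclusions(xml_text):
    """Return the required suites that at least one exclude list omits.

    A config with no ExcludeCipherSuites list at all reports every
    required suite as missing.
    """
    lists = excluded_suites(xml_text) or [set()]
    return sorted({s for s in REQUIRED_EXCLUSIONS for lst in lists if s not in lst})


if __name__ == "__main__":
    for suite in missing_exclusions(SAMPLE_JETTY_XML):
        print("not excluded:", suite)
```

An empty result means every `ExcludeCipherSuites` list in the file already names both suites.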

          People

            seth Seth Leger
            jeffg Jeff Gehlbach