0 Replies Latest reply on Jun 2, 2014 8:51 AM by Aleksandr Voloschuk

    disabling CBC mode ciphers

    Aleksandr Voloschuk Newbie
      hello
      encountered such a problem:
      management of information security vulnerability found on a production environment, namely:

      SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability port 8443/tcp over SSL

      RC4-SHA ECDHE-RSA-DES-CBC3-SHA SSLv3

       

      they offer a solution:

      This attack was identified in 2004 and later revisions of TLS protocol which contain a fix for this. If possible, upgrade to TLSv1.1 or TLSv1.2. If
      upgrading to TLSv1.1 or TLSv1.2 is not possible, then disabling CBC mode ciphers will remove the vulnerability. Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability.

      as TLS upgrade we can not, it remains disabling CBC mode ciphers


      our platform is jboss-eap-6.1



      tried to add to domayn.hml following parameters:

      cipher-suite="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"


      but it did not help ((


      can anyone have it any idea what it can be turned off?
      thanks in advance