How to exclude weak strength ciphers from servicemix-4.3.1

divakar Nov 29, 2012 9:23 AM

Hi,

Recently during security scan, we landed on a security violation stating that the system supports "Medium Strength Ciphers". But it looks like servicemix is internally supporting these weak ciphers. When i stop the servicemix, there were no issues.

I am using servicemix-4.3.1 version.

Can someone please let me know, how can i avoid servicemix supporting the weak ciphers.

Thanks In Advance,

Jeevan

1. Re: How to exclude weak strength ciphers from servicemix-4.3.1

ffang Dec 2, 2012 10:53 PM (in response to divakar)

Hi,

As FUSE ESB is a general container so you basically can deploy any application in it. IMO, the "Medium Strength Ciphers" most likely from the application you deployed into the FUSE ESB, we have no idea about your application so we can't give very helpful info here.

Btw, you can specify any security provider you want in FUSE ESB, take a look at[1], the "Deploying security providers" part, that may help you get some hint.

http://karaf.apache.org/manual/latest-2.3.x/users-guide/security.html

Freeman
Actions