Enhancement #301

closed

Allow cipher spec setting

Added by Christopher Head over 11 years ago. Updated over 7 years ago.

Status: Resolved
Priority: Normal
Target version:
Start date: 2012-08-11
Due date:
% Done: 100%
Estimated time:
Patch Available: Yes
Found in Versions:
Confirmed: Yes
Branch:
Security: Yes
Help Needed: No

Description

I want to use an RSA certificate because RSA is more widely supported. However, I want to refuse to use straight-RSA key exchange cipherspecs; I want to only ever use RSA+DHE key exchanges because they add perfect forward secrecy. I can't do that because bip doesn't allow me to enter a cipherspec string restricting what types of cipherspecs to use. Basically I want Apache/mod_ssl's <http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite> in bip. This would also allow the administrator to disable other miscellaneous cipherspecs if they prove to be insecure without having to wait for new versions of software to come out.
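The restriction requested above can be checked before it is deployed. The following is an added example, not code from bip or from this issue: it uses Python's OpenSSL-backed `ssl` module to apply a cipher string and report which enabled suites lack forward secrecy. The string `kDHE+aRSA` is an assumed way of writing "DHE key exchange with RSA authentication" in OpenSSL cipher-list syntax, and the classifier also accepts ECDHE as forward secret, which goes beyond the DHE-only case in the description.

```python
import ssl

# Key-exchange labels OpenSSL reports for ephemeral Diffie-Hellman.
EPHEMERAL_KEA = {"kx-dhe", "kx-ecdhe"}


def audit_cipher_spec(cipher_spec):
    """Apply an OpenSSL cipher string to a server context and describe
    every suite left enabled, flagging whether it is forward secret."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Raises ssl.SSLError if no cipher can be selected by the string.
    ctx.set_ciphers(cipher_spec)
    report = []
    for suite in ctx.get_ciphers():
        # TLS 1.3 suites are not controlled by this string; with
        # certificate authentication they always use ephemeral (EC)DHE.
        tls13 = suite["protocol"] == "TLSv1.3"
        report.append({
            "name": suite["name"],
            "protocol": suite["protocol"],
            "kea": suite["kea"],
            "auth": suite["auth"],
            "forward_secret": tls13 or suite["kea"] in EPHEMERAL_KEA,
        })
    return report


def non_forward_secret(cipher_spec):
    """Names of enabled suites whose key exchange is not ephemeral."""
    return [r["name"] for r in audit_cipher_spec(cipher_spec)
            if not r["forward_secret"]]


if __name__ == "__main__":
    # "DEFAULT" is the library default; "kDHE+aRSA" is the restriction
    # requested in the description (assumed spelling of that policy).
    for spec in ("DEFAULT", "kDHE+aRSA"):
        weak = non_forward_secret(spec)
        print(f"{spec}: {len(audit_cipher_spec(spec))} suites enabled, "
              f"{len(weak)} without forward secrecy")
        for name in weak:
            print("   ", name)
```

The suite list depends on the local OpenSSL build and its security level, so the output should be read on the host that will run the server.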

Actions #1

Updated by Marian S over 9 years ago

I'd like to push this and I'd think this is not an enhancement but a bug.
Even though bip maybe isn't vulnerable to the SSL 3.0 vulnerability exposed today (POODLE), something else can come out any day. And, generally, it is a very good idea to be able to blacklist ciphers/protocols that are no longer in use.
Thus I'd say this deserves a high priority and I'd be very happy to see this implemented!

Actions #2

Updated by Pierre-Louis Bonicoli about 8 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Actions #3

Updated by Pierre-Louis Bonicoli about 8 years ago

  • Status changed from Resolved to In Progress
  • Assignee set to Pierre-Louis Bonicoli
  • Target version set to 0.9.0
  • % Done changed from 100 to 50
  • Patch Available changed from No to Yes
  • Confirmed changed from No to Yes

Actions #4

Updated by Pierre-Louis Bonicoli over 7 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 50 to 100