[CONTROLLER-1356] Disable RC4 in ssh Created: 03/Jun/15 Updated: 25/Jul/23 Resolved: 09/Jun/15 |
|
| Status: | Resolved |
| Project: | controller |
| Component/s: | netconf |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Anton Ivanov | Assignee: | Tomas Cere |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: All |
||
| External issue ID: | 3555 |
| Description |
|
Apache MINA used in Lithium for SSH contains an RC4 implementation. This needs to be disabled at configuration time to comply with current security best practices due to the various attacks available against it. |
| Comments |
| Comment by Tomas Cere [ 03/Jun/15 ] |