[OPNFLWPLUG-485] Address various encryption related CVEs and RFCs Created: 04/Jun/15  Updated: 27/Sep/21  Resolved: 09/Sep/15

Status: Resolved
Project: OpenFlowPlugin
Component/s: General
Affects Version/s: None
Fix Version/s: None

Type: Bug
Reporter: Anton Ivanov Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All


Issue Links:
Blocks
is blocked by CONTROLLER-1354 [SECURITY] LOGJAM: TLS connections wh... Resolved
External issue ID: 3585

 Description   

OpenFlow plugin uses TLS without restricting the cipher list to eliminate various ciphers which have been found vulnerable:

RC4 - RFC 7465
Export ciphers - LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks CVE-2015-4000

This is presently being worked on in the controller project as bugs 3351, 3352, 3353.

3352 should provide the relevant configuration mechanisms and utility classes for other projects to use to configure ciphers for native (not HTTP) TLS correctly.



 Comments   
Comment by Anton Ivanov [ 04/Jun/15 ]

Sorry, got the depends wrong.

This depends on 3552, not 3352

Comment by Anton Ivanov [ 09/Sep/15 ]

This is now configurable globally via a settable security property which allows turning specific protocols on or off. This is honored by Netty, so it should work correctly for the OpenFlow plugin.
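
A per-engine way to drop the RC4 and export-grade suites named in the description, using standard JSSE calls. This is an added example, not OpenFlowPlugin or controller code, and it is not the global security-property mechanism the last comment refers to. The class name, helper names and sample suite list are constructed for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration; class and method names are hypothetical, not project code.
public class CipherFilterExample {
    // Name fragments for the two families named in the ticket:
    // RC4 (prohibited by RFC 7465) and export-grade suites (CVE-2015-4000).
    private static final String[] BANNED = {"_RC4_", "_EXPORT_"};

    static boolean isBanned(String suite) {
        for (String marker : BANNED) {
            if (suite.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    // Returns the input suites minus any banned ones, preserving order.
    static String[] filter(String[] suites) {
        List<String> kept = new ArrayList<>();
        for (String suite : suites) {
            if (!isBanned(suite)) {
                kept.add(suite);
            }
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample using standard JSSE suite names.
        String[] sample = {
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
            "SSL_RSA_WITH_RC4_128_SHA",
            "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        };
        System.out.println("sample kept: " + Arrays.toString(filter(sample)));

        // Apply the same filter to a server-side engine before any handshake.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        engine.setEnabledCipherSuites(filter(engine.getEnabledCipherSuites()));
        System.out.println("engine suites: " + engine.getEnabledCipherSuites().length);
    }
}
```

With Netty, an engine configured this way is the one handed to `SslHandler`, so the restricted list applies to every connection that handler serves.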
