I'm confused.  It doesn't look like the ciphers the vulnerability is citing 
are allowed in the java.security file on this system.  We're getting 
flagged for:

  hmac-md5
  hmac-md5-96
  hmac-sha1-96

Settings are:

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL

Am I missing this, not a java security expert by any means...  Thanks!

On Monday, August 24, 2020 at 11:09:43 AM UTC-6 kuisat...@gmail.com wrote:

> Yes, to configure the ciphers accepted by your JDK, edit the 
> file lib\security\java.security (the path will vary based on your Java 
> version)
>
> On Monday, August 24, 2020 at 16:48:22 UTC+2, eric....@gmail.com 
> wrote:
>
>> Hi all!  I'm getting hit by my security team for a vulnerability for the 
>> Jenkins CLI via ssh allowing the following weak ciphers:
>>
>>   hmac-md5
>>   hmac-md5-96
>>   hmac-sha1-96
>>
>> Is there a way to configure ciphers accepted for the Jenkins CLI?
>>
>> Thanks,
>> Eric
>>
>
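
An SSH server advertises its MAC algorithms in the SSH_MSG_KEXINIT message (RFC 4253, section 7.1), which is where a scanner reads names such as the three flagged above. The following is an added example, not part of the thread or of Jenkins: it parses a KEXINIT payload and reports which of those three MACs are offered. The sample payload and the helper names are constructed for illustration.

```python
import struct

# MACs named in the scanner finding quoted in this thread.
FLAGGED_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (starting at the message-type byte)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos = 17  # 1-byte message type + 16-byte cookie
    out = {}
    for field in FIELDS:
        # unpack_from raises struct.error if the length prefix is truncated
        (n,) = struct.unpack_from(">I", payload, pos)
        raw = payload[pos + 4:pos + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list: " + field)
        out[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return out

def flagged_macs(payload: bytes) -> list:
    """Return the flagged MACs offered in either direction, sorted."""
    lists = parse_kexinit(payload)
    offered = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    return sorted(offered & FLAGGED_MACS)

def build_kexinit(lists: dict) -> bytes:
    """Hypothetical helper: build a sample payload with a zero cookie."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    # first_kex_packet_follows (false) + reserved uint32
    return body + b"\x00" + struct.pack(">I", 0)

# Constructed sample, not captured from a real server.
SAMPLE = build_kexinit({
    "kex": ["curve25519-sha256"], "host_key": ["ssh-ed25519"],
    "enc_c2s": ["aes128-ctr"], "enc_s2c": ["aes128-ctr"],
    "mac_c2s": ["hmac-sha2-256", "hmac-md5", "hmac-sha1-96"],
    "mac_s2c": ["hmac-sha2-256", "hmac-md5-96"],
})
```

Running `flagged_macs` on the KEXINIT payload seen before and after a configuration change shows whether the change affected what the SSH endpoint offers.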

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/cd72f7b2-5aa3-4e6e-96da-579cb50b43e3n%40googlegroups.com.