Details
-
Bug
-
Resolution: Fixed
-
Critical
-
6.5.0
-
Untriaged
-
Unknown
Description
See comments from Brett Lawson and me on MB-36900. At a minimum we should reorder our high security cipher suites as follows:
[
|
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
|
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
|
"TLS_RSA_WITH_AES_256_CBC_SHA",
|
"TLS_RSA_WITH_AES_128_CBC_SHA"
|
]
|
But we may want to do more based on Brett's investigations.
Attachments
Issue Links
For Gerrit Dashboard: MB-37083 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
118648,4 | MB-37083: Reorder high ciphers for cbauth | mad-hatter | ns_server | Status: MERGED | +2 | +1 |
118750,1 | Merge remote-tracking branch 'couchbase/mad-hatter' | master | ns_server | Status: MERGED | +2 | +1 |