[JIRA] (JENKINS-57455) Jenkins is not exposing cipher for TLSv1.1 and TLS1


saxenadeepakkumar@gmail.com (JIRA)

May 14, 2019, 10:00:02 AM
to jenkinsc...@googlegroups.com
deepak kumar updated an issue
 
Jenkins / Task JENKINS-57455
Jenkins is not exposing cipher for TLSv1.1 and TLS1
Change By: deepak kumar
Summary: Jenkins is not exposing weak cipher for TLSv1.1 and TLS1

saxenadeepakkumar@gmail.com (JIRA)

May 15, 2019, 6:11:03 AM
to jenkinsc...@googlegroups.com
deepak kumar updated an issue
Jenkins (2.164.1) is not exposing weak ciphers. We want to attach our Jenkins instance to our VIP NetScaler. But our NetScaler does not support TLSv1.2 and we are getting only TLSv1.2 ciphers.
{code:java}
ssl-enum-ciphers:
|   TLSv1.0: No supported ciphers found
|   TLSv1.1: No supported ciphers found
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors:
|       NULL

{code}
Please suggest how we can introduce ciphers for TLSv1.1 and TLSv1.

Please help us, we are in a blocked state.

Thanks,
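The scan output quoted in the post above can be checked mechanically. The following is an added example, not part of the original post or of Jenkins: it parses an nmap `ssl-enum-ciphers` report and lists any legacy protocol version for which the server accepted a cipher. The names `parse_ssl_enum`, `legacy_offered` and `LEGACY` are hypothetical, and the sample is reconstructed from the output in the post.

```python
import re

# Constructed sample: the nmap ssl-enum-ciphers output quoted in the post above.
SAMPLE = """\
ssl-enum-ciphers:
|   TLSv1.0: No supported ciphers found
|   TLSv1.1: No supported ciphers found
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors:
|       NULL
"""

PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):")
SECTION_RE = re.compile(r"^\|\s+([a-z ]+):\s*$")
# Cipher line: name, optional key-exchange detail in parentheses, then a rating.
CIPHER_RE = re.compile(r"^\|\s+([A-Z0-9_]+)(?:\s+\([^)]*\))?\s+-\s+(\S+)\s*$")
# Assumption: the versions treated as legacy here (the thread calls TLS 1.0/1.1 obsolete).
LEGACY = ("SSLv3", "TLSv1.0", "TLSv1.1")

def parse_ssl_enum(text):
    """Map each protocol in the report to its list of (cipher, rating)."""
    offered, proto, section = {}, None, None
    for line in text.splitlines():
        m = PROTO_RE.match(line)
        if m:
            proto, section = m.group(1), None
            offered[proto] = []
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)  # e.g. "ciphers" or "compressors"
        elif proto and section == "ciphers" and (m := CIPHER_RE.match(line)):
            offered[proto].append((m.group(1), m.group(2)))
    return offered

def legacy_offered(offered):
    """Legacy protocol versions for which the server accepted any cipher."""
    return [p for p in LEGACY if offered.get(p)]

if __name__ == "__main__":
    report = parse_ssl_enum(SAMPLE)
    for proto, ciphers in report.items():
        print(proto, len(ciphers), "cipher(s)")
    print("legacy protocols offered:", legacy_offered(report) or "none")
```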

o.v.nenashev@gmail.com (JIRA)

May 16, 2019, 7:56:02 AM
to jenkinsc...@googlegroups.com
Oleg Nenashev commented on Task JENKINS-57455
 
Re: Jenkins is not exposing cipher for TLSv1.1 and TLS1

As designed IMHO. We include only standard ciphers from MINA SSHD, and TLS 1.1 ciphers are not offered there due to security reasons. It is possible to make ciphers configurable via system properties in https://github.com/jenkinsci/sshd-module/blob/d31495b398a02fca5b87d2aa332188f78a097052/src/main/java/org/jenkinsci/main/modules/sshd/SSHD.java#L44-L46 . I would be open to review and probably accept such a patch.

saxenadeepakkumar@gmail.com (JIRA)

May 17, 2019, 5:30:02 AM
to jenkinsc...@googlegroups.com

Thanks a lot Oleg Nenashev for looking into this.

It would be great if you could provide a patch for this (as we are blocked by this). I can't find any solution to enable TLSv1 ciphers by setting a property.

 

Thanks in advance!

o.v.nenashev@gmail.com (JIRA)

May 17, 2019, 5:57:01 AM
to jenkinsc...@googlegroups.com

Sorry, I have neither time nor interest to help with supporting obsolete and insecure TLS protocols.

I can review pull requests from others, but I will not be working on a patch.

 
