OpenLiberty / open-liberty

Open Liberty is a highly composable, fast to start, dynamic application server runtime environment
https://openliberty.io
Eclipse Public License 2.0

TLS Cipher debugging Tool #10878

Open una-tapa opened 4 years ago

una-tapa commented 4 years ago

Is your feature request related to a problem? Please describe.

When we try to configure an SSL connection with a peer (LDAP, WebService, etc.), we don't usually know what SSL protocols or ciphers the SSL peer can accept. It is time consuming to try many combinations to configure a successful SSL connection.

Describe the solution you'd like

TLS cipher profiler that prints out the cipher and protocol combinations that the SSL peer accepts. Optionally retrieve signers from the peer.

Describe alternatives you've considered

A web application that can be deployed on Liberty and has the same function described above. But it is one extra step; a built-in function is preferred.

Additional context

To be updated.
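As an added illustration (not code from this issue or from Open Liberty), a minimal stand-alone profiler of the kind requested: it offers each protocol/cipher pair to a peer one handshake at a time, reports the pairs the peer accepts, records the certificate chain the peer presents so the signers can be listed, and with `--all` also lists rejected pairs. The `TlsProfiler` class name, the command-line arguments and the 5 s timeouts are assumptions; it uses only the `javax.net.ssl` API, so it is not tied to a particular JSSE provider.

```java
import javax.net.ssl.*;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.cert.X509Certificate;

// Hypothetical profiler. Usage: java TlsProfiler <host> <port> [--all]
public class TlsProfiler {
    // Keeps the chain the peer presents so the signers can be reported afterwards.
    // It makes no trust decision, because discovering the chain is the purpose of
    // the probe and no application data is ever sent over these connections.
    static final class ChainCapture implements X509TrustManager {
        X509Certificate[] chain;
        public void checkClientTrusted(X509Certificate[] c, String a) {}
        public void checkServerTrusted(X509Certificate[] c, String a) { chain = c; }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];                                   // peer to probe
        int port = Integer.parseInt(args[1]);
        boolean showRejected = args.length > 2 && args[2].equals("--all");
        ChainCapture capture = new ChainCapture();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{capture}, null);
        SSLSocketFactory factory = ctx.getSocketFactory();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        for (String proto : supported.getProtocols()) {
            if (!proto.startsWith("TLS")) continue;              // skip SSLv2Hello/SSLv3 entries
            for (String suite : supported.getCipherSuites()) {
                // One full handshake per pair: only this protocol and suite are offered,
                // so success means the peer accepts exactly this combination.
                try (SSLSocket s = (SSLSocket) factory.createSocket()) {
                    s.connect(new InetSocketAddress(host, port), 5000);
                    s.setSoTimeout(5000);
                    s.setEnabledProtocols(new String[]{proto});
                    s.setEnabledCipherSuites(new String[]{suite});
                    s.startHandshake();
                    SSLSession sess = s.getSession();
                    System.out.println("ACCEPTED " + sess.getProtocol() + " " + sess.getCipherSuite());
                } catch (IOException | IllegalArgumentException e) {
                    // "No appropriate protocol ..." is raised locally before the ClientHello
                    // is sent (pair disabled by jdk.tls.disabledAlgorithms, or a suite that
                    // does not belong to this protocol version); it is not a peer rejection.
                    if (showRejected) System.out.println("REJECTED " + proto + " " + suite + ": " + e.getMessage());
                }
            }
        }
        if (capture.chain != null)
            for (X509Certificate cert : capture.chain)
                System.out.println("SIGNER " + cert.getSubjectX500Principal() + " issued by " + cert.getIssuerX500Principal());
    }
}
```

Without `--all` the output is only the ACCEPTED lines and the SIGNER chain, which is what is needed to pick `sslProtocol`/cipher settings and to decide which issuer to import into the truststore.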

una-tapa commented 4 years ago

Consulted with SSL expert and security architect today. Planning to socialize security team.

mchenggit commented 4 years ago

WAD Review Comments:

1) Clarify the uburuK diagram to show using standalone tool to try cipher suites which can then be used to configure WAS traditional or Liberty servers
2) More details on the pros and cons of existing tools
3) Clarify tool is not dependent on specific JCE implementation
4) Output should link to documentation about how to interpret and configure the servers
5) Consider switching output to "TLS v1.0", "TLS v1.1", etc.
6) Option to report all ciphers that were tried, even unsafe ciphers that were rejected.
7) Testing on Z