TLSv1.3 and any new secure cipher suites (ChaCha20 / Poly1305) show up in the default mirth.properties file
** Also updated in MirthSSLUtil
When upgrading to 3.7,
The protocol / cipher suite settings are automatically updated to the new defaults
If the previous values are not equal to the previous default, a new ".old" property is created and set to the previous value
*** An error is sent to the server log explaining that the protocols and/or cipher suites have been updated for best security practices
Change the default TLS protocols to include TLSv1.3, and also new cipher suites. Also include migration, it's probably fair to auto-migrate users if their current settings are the previous defaults.
Note:
Keep what users have set in SSL Manager for their Connectors
Update:
As it so happens, JEP 329 only adds support for the algorithms and not yet the TLS cipher suites. So only the new cipher suites appear to be:
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
However, it would make sense to proactively add any new ciphers. According to JDK-8204192 the following are coming:
Change the default TLS protocols to include TLSv1.3, and also new cipher suites. Also include migration, it's probably fair to auto-migrate users if their current settings are the previous defaults.
Note:
Update:
As it so happens, JEP 329 only adds support for the algorithms and not yet the TLS cipher suites. So only the new cipher suites appear to be:
TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384
However, it would make sense to proactively add any new ciphers. According to JDK-8204192 the following are coming:
Imported Issue. Original Details: Jira Issue Key: MIRTH-4350 Reporter: narupley Created: 2018-12-12T12:15:39.000-0800