Blacklist the Triple DES cipher suite

In reaction to CVE-2016-2183 [0], this disables the Triple DES cipher
suites.  JCA nomenclature denotes this using "DESede".

[0] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2183

Change-Id: I27c0b65bbe07be2ef7664fb7dc023ceb8aa4f551
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>

diff --git a/karaf/opendaylight-karaf-resources/src/main/resources/etc/odl.java.security b/karaf/opendaylight-karaf-resources/src/main/resources/etc/odl.java.security
index 715c84761004e0569bb81f280669fabcec0ac25b..ee6e030d6c6ff1aecbc902cc752ca1bc591dc89e 100644 (file)
--- a/karaf/opendaylight-karaf-resources/src/main/resources/etc/odl.java.security
+++ b/karaf/opendaylight-karaf-resources/src/main/resources/etc/odl.java.security
@@ -3,4 +3,4 @@
 # Additional information can also be found in the default java.security file: JAVA_HOME/jre/lib/security/java.security
 
 # Disable weak ciphers and ciphers vulnerable to the Logjam exploit, more information can be found here https://bugs.opendaylight.org/show_bug.cgi?id=3552
-jdk.tls.disabledAlgorithms=EXPORT, RC4, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, anon
\ No newline at end of file
+jdk.tls.disabledAlgorithms=EXPORT, RC4, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, DESede, anon