Disabling Specific Ciphers In Jenkins

Comments

  • Steven Christenson

    From a guess-and-fail strategy, I discovered that the following java.security settings worked well. However, the java.security file, which is normally owned by root, must have read permission for ALL or it does not get used. When the permissions are incorrect, or there is a misconfiguration, since Jenkins 2.7x Firefox was reporting "no overlapping cyphers" and failing to connect. Note that I commented out the "jdk.tls.legacyAlgorithms" as it really doesn't make sense to allow them to be used at all if you're trying to be secure.

        jdk.tls.disabledAlgorithms=RC4, DES-CBC3-SHA keySize < 256, SSLv3, DSA, RSA keySize < 2048
        
        # jdk.tls.legacyAlgorithms= \
        # K_NULL, C_NULL, M_NULL, \
        # DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        # DH_RSA_EXPORT, RSA_EXPORT, \
        # DH_anon, ECDH_anon, \
        # RC4_128, RC4_40, DES_CBC, DES40_CBC

    0
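
The comment above names two conditions: the java.security file must be readable by all users, and `jdk.tls.disabledAlgorithms` must be set while `jdk.tls.legacyAlgorithms` stays commented out. The script below is an added example, not part of the original comment or any CloudBees tooling, that checks a file for them. The function names are hypothetical, and it assumes properties are written as `key=value` with no spaces around `=`.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes key=value with no spaces around "=".

# Print a property's effective value: commented lines are ignored,
# backslash-continued lines are joined, and the last definition wins.
get_prop() {  # usage: get_prop FILE KEY
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            while (line ~ /\\$/) {
                sub(/\\$/, "", line)
                if ((getline nxt) <= 0) break
                sub(/^[ \t]+/, "", nxt)
                line = line nxt
            }
            sub(/^[ \t]+/, "", line)
            if (index(line, key "=") == 1) {
                val = substr(line, length(key) + 2)
                sub(/^[ \t]+/, "", val)
            }
        }
        END { if (val != "") print val }
    ' "$1"
}

# True when the "other" read bit is set (8th character of the ls mode string).
world_readable() {  # usage: world_readable FILE
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Returns 0 only if the file is world-readable, disabledAlgorithms is set,
# and legacyAlgorithms is not active (the commenter's choice).
audit_java_security() {  # usage: audit_java_security FILE
    f=$1; rc=0
    world_readable "$f" || { echo "FAIL: $f is not world-readable"; rc=1; }
    disabled=$(get_prop "$f" jdk.tls.disabledAlgorithms)
    if [ -n "$disabled" ]; then echo "OK: jdk.tls.disabledAlgorithms=$disabled"
    else echo "FAIL: jdk.tls.disabledAlgorithms is not set"; rc=1; fi
    legacy=$(get_prop "$f" jdk.tls.legacyAlgorithms)
    if [ -n "$legacy" ]; then echo "WARN: jdk.tls.legacyAlgorithms is active: $legacy"; rc=1; fi
    return "$rc"
}

# Constructed sample file using the settings quoted in the comment above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
jdk.tls.disabledAlgorithms=RC4, DES-CBC3-SHA keySize < 256, SSLv3, DSA, RSA keySize < 2048
# jdk.tls.legacyAlgorithms= \
# K_NULL, C_NULL, M_NULL
EOF
chmod 644 "$sample"
audit_java_security "$sample"
```

To audit a real installation, replace the constructed sample with the path to the java.security file of the JVM that runs Jenkins.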