Bug 5768 - Reconfiguration of Cipher Suite
: Reconfiguration of Cipher Suite
Status: NEW
: GSI C
Authentication
: unspecified
: PC Linux
: P3 enhancement
: ---
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2008-01-09 00:06 by
Modified: 2008-08-11 15:20 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2008-01-09 00:06:34
Dear Developers.

I do have a problem in Globus where i could not find any location to re-setting
the cipher suite of the default 3DES 168 bit to another ciphers such as RSA+AES
256 bit. Have you any idea. Thanks
------- Comment #1 From 2008-01-09 08:56:54 -------
This is currently not possible with the toolkit. I've put an experimental patch
to GSSAPI from the trunk that enables this via an environment variable at
http://www-unix.mcs.anl.gov/~bester/patches/bug5768.diff but that functionality
is not  something currently planned for either 4.0.x or 4.2. 

On the other hand, 4.2 will include support for newer openssl versions and
better TLS1 support, so the AES256 cipher will be available by default if TLS1
is used.

Joe
------- Comment #2 From 2008-01-17 03:21:24 -------
(In reply to comment #1)
> This is currently not possible with the toolkit. I've put an experimental patch
> to GSSAPI from the trunk that enables this via an environment variable at
> http://www-unix.mcs.anl.gov/~bester/patches/bug5768.diff but that functionality
> is not  something currently planned for either 4.0.x or 4.2. 
> 
> On the other hand, 4.2 will include support for newer openssl versions and
> better TLS1 support, so the AES256 cipher will be available by default if TLS1
> is used.
> 
> Joe
> 

dear joe.

i did modify the globus_i_gsi_gss_utils.c by adding the lines of stating code
getenv "GLOBUS_SSL_CIPHERS" given by you and built it. it seemly doesn't work
and no changes. my question here is, how do we set the environment of
GLOBUS_SSL_CIPHERS inside globus. Is either using such this " export
GLOBUS_SSL_CIPHERS='ALL:!DES-CBC3-SHA' " under Linux environment or other way. 

I did as above way but still doesn't work. I test to see the cipher used by
globus container used by calling the function " openssl s_client -connect
gserverx.mimos.my:8443 ". 

At this stage, i am still unclear how this encryption happened in globus. How
to change it to different ciphers. I would appreciate you if you could send
this message to other developers also who can also give their ideas.

Thanks Joe.

regards
Nazri