Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-1539

Windows installer could strengthen EDH keys

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0-beta1
    • Fix Version/s: 4.0.0
    • Component/s: Installer
    • Labels:
      None
    • Operating System:
      Windows

      Description

      I note from my own deployment that Jetty 9.4 and our jetty-base get a pretty good SSL Labs score out of the box (B).

      It's being held back from an A only because the ephemeral DH key exchange is limited in strength.

      In my case, it's possible to improve this by adding -Djdk.tls.ephemeralDHKeySize=2048 to the command line to set the system property.

      Although this is in most cases a matter for the lucky fellow in charge of the Jetty part of the deployment, it strikes me that our Windows installer might want to think about setting this up for installations of IdPv4 + Jetty 9.4.

        Attachments

          Activity

            People

            Assignee:
            rdw@iay.org.uk Rod Widdowson
            Reporter:
            ian@iay.org.uk Ian Young
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: