Hi team,
I have 4.19.01 installed (OPDK).
I have a backend with very low TLS and cipher:
TLSv1, and cipher RC4-SHA
Listed here: https://github.com/apigee/trireme/blob/master/core/ssl-ciphers.txt I guess I need to use the Apigee cipher property that equals either: SSL_RSA_WITH_RC4_128_SHA or TLS_RSA_WITH_RC4_128_SHA
When I save the policy, I get an error about not supported cipher, and list of supported ones, however - in the TLS Keystore 'test' screen I can test these ciphers, but cannot assign them to the property of EndPoint route.
Error Saving Revision 2Target default: TLS_RSA_WITH_RC4_128_SHA is not in supported ciphers
My conf is:
<HTTPTargetConnection> <SSLInfo> <Enabled>true</Enabled> <ClientAuthEnabled>true</ClientAuthEnabled> <Protocols> <Protocol>TLSv1.0</Protocol> </Protocols> <Ciphers> <Cipher>TLS_RSA_WITH_RC4_128_SHA</Cipher> </Ciphers> <KeyStore>myKeystore</KeyStore> <KeyAlias>myKey</KeyAlias> <TrustStore>ref://myTrustStoreRef</TrustStore> </SSLInfo> <URL>https://myservice.com</URL> </HTTPTargetConnection>
What is the correct Cipher for me to use to work with customers RC4-SHA?
Denis
Hi Denis, As I see this issue may have occurred because Apigee Message Processor is implemented in Java, and Java is not supporting TLS_RSA_WITH_RC4_128_SHA cipher suite due to the below security issue since 2015-04-15:
RC4-based TLS ciphersuites (e.g. TLS_RSA_WITH_RC4_128_SHA) are now considered compromised and should no longer be used (see RFC 7465): https://bugs.openjdk.java.net/browse/JDK-8076221
Hi Imesh,
Yes, correct,
however - in this screen I can see similarTLS and can test it, so why in MP level its not supported? (I can't see it in supported list of ciphers in the endpoint configuration)
Anyway, any chance to implement such thing (without custom java callout)? Maybe other ciphers can support RC4 within?
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |