Issue Details (XML | Word | Printable)

Key: JDBC-546
Type: New Feature New Feature
Status: Open Open
Priority: Major Major
Assignee: Mark Rotteveel
Reporter: Mark Rotteveel
Votes: 0
Watchers: 0

If you were logged in you would be able to see more operations.
Jaybird JDBC Driver

Add permission check for RC4 encryption with 160 bits key and otherwise default to wireCrypt=DISABLED instead of ENABLED

Created: 22/Aug/18 03:18 PM   Updated: 22/Apr/19 10:05 AM
Component/s: JDBC driver, Wire protocol
Affects Version/s: Jaybird 3.0.4, Jaybird 3.0.5, Jaybird 4
Fix Version/s: Jaybird 5

Issue Links:

 Description  « Hide
See JDBC-543. Investigate if it is possible to check if we can use RC4/ARCFOUR with 160 bits key and if not default to wireCrypt DISABLED (eg if the limited cryptographic jurisdiction policy is used).

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Mark Rotteveel added a comment - 22/Aug/18 03:18 PM
Only backport to 3.0.x if simple to do.

Mark Rotteveel added a comment - 22/Aug/18 03:22 PM

Mark Rotteveel added a comment - 22/Aug/18 06:15 PM
Note that the connection doesn't actually fail (unless wireCrypt=REQUIRED), it just logs warnings on each connect. We may also want to consider to reduce the logging in some way (eg only log the stacktrace on WARN the first time, and the remainder on DEBUG)

Mark Rotteveel added a comment - 08/Oct/18 03:28 PM
Checking for 160 bits key length support will tie this intimately to current SRP session key length, but anticipating different session key lengths (which may or may not ever happen), will make this more complex. I'm not sure what the right solution is yet.

Mark Rotteveel added a comment - 22/Apr/19 10:05 AM
Decide to delay this to wait for multiple wire crypt plugins to see what a good solution would be.