Showing posts from July, 2012

From XML Firewall to API Server

It is very interesting to see the development of Vordel products. More precisely, how they are marketing their products. The "XML Firewall" was like a "Layer 7 Firewall", focusing on the application level. Then it evolved to XML Gateway, SOA Gateway and now: here is how they define their "API Server": http://www.soatothecloud.com/2012/06/vordel-introduces-api-server.html

As a side note, I can't resist a little quote against SOAP: http://www.soatothecloud.com/2012/07/what-scales-better-internet-or-esb.html

TLS: Disabling legacy cipher suites

First: "A cipher suite is a named combination of authentication, encryption, and message authentication code (MAC) algorithms".

If you are using TLS (for HTTPS, typically) you may want to remove some cipher suites. You may be a little bit less compatible, but also a bit more secure. Things will be better when TLS 1.2 is implemented everywhere. You can also claim to be FIPS 140 compliant: http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf !

How to do it:

From the command line: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization

From code: http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites(java.lang.String%5B%5D)

Jetty: http://wiki.eclipse.org/Jetty/Howto/CipherSuites

Tomcat: Look at the "ciphers" attribute in http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support

If someone knows how to do it on the IBM J9 via configuration, I am interested.
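The "from code" route, as an added example that is not part of the original post: it filters the suites the JVM enables by default and applies the result with `SSLSocket.setEnabledCipherSuites`. The class name and the list of markers treated as legacy are assumptions for illustration; substitute your own policy.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class CipherSuiteFilter {
    // Assumed policy: name fragments that mark a suite as legacy.
    // Covers no-encryption, unauthenticated, export-grade, RC4, DES/3DES and MD5 suites.
    private static final String[] LEGACY_MARKERS = {
        "_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_", "_MD5"
    };

    static boolean isLegacy(String suite) {
        for (String marker : LEGACY_MARKERS) {
            if (suite.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    // Returns the suites that survive the policy, preserving preference order.
    static String[] filter(String[] suites) {
        List<String> kept = new ArrayList<String>();
        for (String suite : suites) {
            if (!isLegacy(suite)) {
                kept.add(suite);
            }
        }
        // An empty list would make every handshake fail; fail loudly instead.
        if (kept.isEmpty()) {
            throw new IllegalStateException("policy removed every cipher suite");
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Unconnected socket: enough to inspect and set suites without any network traffic.
        try (SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket()) {
            String[] before = socket.getEnabledCipherSuites();
            socket.setEnabledCipherSuites(filter(before));
            for (String suite : before) {
                System.out.println((isLegacy(suite) ? "removed " : "kept    ") + suite);
            }
            System.out.println(socket.getEnabledCipherSuites().length + " suites enabled");
        }
    }
}
```

The same `filter` result can be passed to `SSLServerSocket.setEnabledCipherSuites` or `SSLEngine.setEnabledCipherSuites` on the server side.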