jonathanmtran · February 20, 2016 00:18
diff --git a/tls-default.conf b/tls-default.conf
 # This file allows to restrict SSL behavior in Mule. If the file doesn't exist or a property is not defined,
 # default values of the current security provider will be used.


 # Cipher suites that will be enabled in SSL. If this property is set, SSL sockets will
 # only use cipher suites that are provided in this list and supported by the current security provider.
 enabledCipherSuites=TLS_KRB5_WITH_3DES_EDE_CBC_MD5,        \
                    TLS_KRB5_WITH_RC4_128_SHA,             \
                    SSL_DH_anon_WITH_DES_CBC_SHA,          \
                    # TLS_DH_anon_WITH_AES_128_CBC_SHA,      \
                    # TLS_DHE_RSA_WITH_AES_128_CBC_SHA,      \
                    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, \
                    SSL_RSA_EXPORT_WITH_RC4_40_MD5,        \
                    # SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,     \
                    # TLS_DHE_RSA_WITH_AES_256_CBC_SHA,      \
                    TLS_KRB5_WITH_3DES_EDE_CBC_SHA,        \
                    # SSL_RSA_WITH_RC4_128_SHA,              \
                    TLS_KRB5_WITH_DES_CBC_MD5,             \
                    TLS_KRB5_EXPORT_WITH_RC4_40_MD5,       \
                    TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,   \
                    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, \
                    TLS_KRB5_EXPORT_WITH_RC4_40_SHA,       \
                    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,    \
                    SSL_DHE_DSS_WITH_DES_CBC_SHA,          \
                    TLS_KRB5_WITH_DES_CBC_SHA,             \
                    # SSL_RSA_WITH_NULL_MD5,                 \
                    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,      \
                    # SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,     \
                    TLS_RSA_WITH_AES_128_CBC_SHA,          \
                    SSL_DHE_RSA_WITH_DES_CBC_SHA,          \
                    # TLS_DH_anon_WITH_AES_256_CBC_SHA,      \
                    TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,   \
                    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, \
                    # SSL_RSA_WITH_NULL_SHA,                 \
                    TLS_KRB5_WITH_RC4_128_MD5,             \
                    TLS_RSA_WITH_AES_256_CBC_SHA,          \
                    SSL_RSA_WITH_DES_CBC_SHA,              \
                    TLS_EMPTY_RENEGOTIATION_INFO_SCSV,     \
                    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,     \
                    # SSL_DH_anon_WITH_RC4_128_MD5,          \
                    # SSL_RSA_WITH_RC4_128_MD5,              \
                    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,      \
                    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,     \
                    SSL_RSA_WITH_3DES_EDE_CBC_SHA

 # Protocols that will be enabled in SSL. If this property is set, SSL sockets will only use protocols
 # that are provided in this list and supported by the current security provider.
 enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
	# This file allows to restrict SSL behavior in Mule. If the file doesn't exist or a property is not defined,
	# default values of the current security provider will be used.


	# Cipher suites that will be enabled in SSL. If this property is set, SSL sockets will
	# only use cipher suites that are provided in this list and supported by the current security provider.
	enabledCipherSuites=TLS_KRB5_WITH_3DES_EDE_CBC_MD5, \
	TLS_KRB5_WITH_RC4_128_SHA, \
	SSL_DH_anon_WITH_DES_CBC_SHA, \
	# TLS_DH_anon_WITH_AES_128_CBC_SHA, \
	# TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
	SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, \
	SSL_RSA_EXPORT_WITH_RC4_40_MD5, \
	# SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, \
	# TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
	TLS_KRB5_WITH_3DES_EDE_CBC_SHA, \
	# SSL_RSA_WITH_RC4_128_SHA, \
	TLS_KRB5_WITH_DES_CBC_MD5, \
	TLS_KRB5_EXPORT_WITH_RC4_40_MD5, \
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, \
	SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, \
	TLS_KRB5_EXPORT_WITH_RC4_40_SHA, \
	SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, \
	SSL_DHE_DSS_WITH_DES_CBC_SHA, \
	TLS_KRB5_WITH_DES_CBC_SHA, \
	# SSL_RSA_WITH_NULL_MD5, \
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA, \
	# SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, \
	TLS_RSA_WITH_AES_128_CBC_SHA, \
	SSL_DHE_RSA_WITH_DES_CBC_SHA, \
	# TLS_DH_anon_WITH_AES_256_CBC_SHA, \
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, \
	SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, \
	# SSL_RSA_WITH_NULL_SHA, \
	TLS_KRB5_WITH_RC4_128_MD5, \
	TLS_RSA_WITH_AES_256_CBC_SHA, \
	SSL_RSA_WITH_DES_CBC_SHA, \
	TLS_EMPTY_RENEGOTIATION_INFO_SCSV, \
	SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, \
	# SSL_DH_anon_WITH_RC4_128_MD5, \
	# SSL_RSA_WITH_RC4_128_MD5, \
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA, \
	SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, \
	SSL_RSA_WITH_3DES_EDE_CBC_SHA

	# Protocols that will be enabled in SSL. If this property is set, SSL sockets will only use protocols
	# that are provided in this list and supported by the current security provider.
	enabledProtocols=TLSv1,TLSv1.1,TLSv1.2