PunchPlatform Proprietary Software¶
All components included in PunchPlatform, that are not associated in PunchPlatform source code to any explicitly mentioned open-source licence, are Licensed under the Thales Inner Source Software License (Version 2.0, InnerPublic - OuterRestricted the "License");
The PunchPlatform distributions are (c) Copyright Thales Services 2017, although included packages, libraries or setups mentioned above as related to an open-source license may be copied or distributed as allowed by this specifically applicable license.
The PunchPlatform software can be deployed on :
- Ubuntu 18.04 or later
- Debian 9 or later (not tested)
- CentOS 7 or later
- RedHat 7 or later (not tested)
Third Party dependencies¶
The PunchPlatform software includes the following open-source or thales inner-source components. For the associated version number, please refer to the Security Issues documentation.
The punch is built on top of kast release aurora-1.0. Please refer to the kast documentation for the list of supported COTS.
JSON parser/query command-line tool
- source: http://stedolan.github.io/jq
- license: MIT License
- suggested deployment: ubuntu apt repositories or brew (for macos)
Command-line HTTP queries tool (used by PunchPlatform bash scripts to interact with elasticsearch to manage drivers) (x86_64-pc-linux-gnu)
- suggested deployment: ubuntu apt repositories (package python-jinja2)
- version: = 3.6.x
- suggested deployment: platform dependent.
The punchplatform requires the OpenJdk runtime 11
the classpath exception is important:
"As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library."
Export of Cryptography¶
Punch socket endpoints can be configured with ciphering. Here are the available ciphers used with the default JDK ssl/tls provider:
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" "TLS_RSA_WITH_AES_128_CBC_SHA256" "TLS_RSA_WITH_AES_128_CBC_SHA"
Here are the available ciphers used with the default OPENSSL/OPENSSL_RFCNT ssl/tls provider:
"ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-ECDSA-AES256-SHA384" "ECDHE-RSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-SHA384" "DHE-RSA-AES256-GCM-SHA384" "DHE-RSA-AES256-SHA256" "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-GCM-SHA256" "ECDHE-ECDSA-AES128-SHA256" "ECDHE-RSA-AES128-SHA256" "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-GCM-SHA384" "ECDHE-ECDSA-AES256-SHA384" "ECDHE-RSA-AES256-SHA384" "AES128-GCM-SHA256" "AES128-SHA256" "AES256-GCM-SHA384" "AES256-SHA256"