[jboss-user] [JBoss Remoting Users] - Disable Weak Ciphers for PCI-DSS
sunilbabu
do-not-reply at jboss.com
Fri Sep 11 10:55:56 EDT 2009
We have to disable the weak ciphers in Jboss-4.2.3.GA (ejb3 application) for pci compliance. Can someone help me with the configuration or point me to a document that explain how to disable ciphers.
Following is current connector
<mbean code="org.jboss.remoting.transport.Connector"
| name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
| <depends>jboss.aop:service=AspectDeployer</depends>
| <attribute name="Configuration">
|
| <config>
|
| <invoker transport="sslsocket">
| <attribute name="serverSocketFactory">
| jboss.remoting:service=ServerSocketFactory,type=SSL
| </attribute>
| <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
| <attribute name="serverBindPort">3843</attribute>
| <attribute name="timeout">120000</attribute>
| </invoker>
|
| <handlers>
| <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
| </handlers>
|
| </config>
| </attribute>
| </mbean>
I also tried with org.jboss.security.ssl.DomainServerSocketFactory and CipherSuites but it did not disable any ciphers.
<mbean code="org.jboss.remoting.transport.Connector"
| name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
| <depends>jboss.aop:service=AspectDeployer</depends>
| <attribute name="Configuration">
|
| <config>
|
| <invoker transport="sslsocket">
| <attribute name="serverSocketFactoryBean"
| | attributeClass="org.jboss.security.ssl.DomainServerSocketFactory"
| | serialDataType="javaBean">
| | <property name="CipherSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property>
| | </attribute>
| <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
| <attribute name="serverBindPort">3843</attribute>
| <attribute name="timeout">120000</attribute>
| </invoker>
|
| <handlers>
| <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
| </handlers>
|
| </config>
| </attribute>
| <!--property name="ciphers">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property-->
| </mbean>
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4254795#4254795
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4254795
More information about the jboss-user
mailing list