[jboss-user] [JBoss Remoting Users] - Disable Weak Ciphers for PCI-DSS

sunilbabu do-not-reply at jboss.com
Fri Sep 11 10:55:56 EDT 2009


We have to disable the weak ciphers in JBoss-4.2.3.GA (EJB3 application) for PCI compliance. Can someone help me with the configuration or point me to a document that explains how to disable ciphers?

The following is the current connector:
    <mbean code="org.jboss.remoting.transport.Connector"
           name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
       <depends>jboss.aop:service=AspectDeployer</depends>
       <attribute name="Configuration">

         <config>

           <invoker transport="sslsocket">
              <attribute name="serverSocketFactory">
                 jboss.remoting:service=ServerSocketFactory,type=SSL
              </attribute>
              <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
              <attribute name="serverBindPort">3843</attribute>
              <attribute name="timeout">120000</attribute>
           </invoker>

           <handlers>
              <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
           </handlers>

         </config>
       </attribute>
    </mbean>


I also tried with org.jboss.security.ssl.DomainServerSocketFactory and CipherSuites but it did not disable any ciphers.
    <mbean code="org.jboss.remoting.transport.Connector"
           name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
       <depends>jboss.aop:service=AspectDeployer</depends>
       <attribute name="Configuration">

         <config>

           <invoker transport="sslsocket">
              <attribute name="serverSocketFactoryBean"
                         attributeClass="org.jboss.security.ssl.DomainServerSocketFactory"
                         serialDataType="javaBean">
                 <property name="CipherSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property>
              </attribute>
              <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
              <attribute name="serverBindPort">3843</attribute>
              <attribute name="timeout">120000</attribute>
           </invoker>

           <handlers>
              <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
           </handlers>

         </config>
       </attribute>
       <!--property name="ciphers">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property-->
    </mbean>

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4254795#4254795
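
A static audit of connector descriptors like the two in the post, as an added example that is not part of the original message or of JBoss: it lists each sslsocket invoker, whether a CipherSuites property is present, and which listed suites have weak name fragments. The comma-separated list format, the weak-fragment list, the function name and the sample descriptor (the post's second connector with one RC4 suite added) are assumptions of this example, and the check reads the descriptor only, so it says nothing about what the listener actually negotiates.

```python
import re
import xml.etree.ElementTree as ET

# Assumed list of JSSE name fragments treated as weak (NULL, export, anonymous, RC4, RC2, DES, MD5).
WEAK = re.compile(r"_(NULL|EXPORT|anon|RC4|RC2|DES40|DES|MD5)(?=_|$)")

# Constructed sample: the post's second connector, wrapped in a root element,
# with SSL_RSA_WITH_RC4_128_MD5 added so the audit has something to flag.
SAMPLE = """<server>
  <mbean code="org.jboss.remoting.transport.Connector"
         name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
    <attribute name="Configuration">
      <config>
        <invoker transport="sslsocket">
          <attribute name="serverSocketFactoryBean"
                     attributeClass="org.jboss.security.ssl.DomainServerSocketFactory"
                     serialDataType="javaBean">
            <property name="CipherSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5</property>
          </attribute>
          <attribute name="serverBindPort">3843</attribute>
        </invoker>
      </config>
    </attribute>
  </mbean>
</server>"""

def audit_connectors(descriptor_xml):
    """Return one finding per sslsocket invoker found in the descriptor."""
    findings = []
    for mbean in ET.fromstring(descriptor_xml).iter("mbean"):
        for invoker in mbean.iter("invoker"):
            if invoker.get("transport") != "sslsocket":
                continue
            port = invoker.findtext("attribute[@name='serverBindPort']", "").strip()
            raw = invoker.findtext(".//property[@name='CipherSuites']") or ""
            suites = [s.strip() for s in raw.split(",") if s.strip()]
            findings.append({
                "connector": mbean.get("name"),
                "port": port,
                "restricted": bool(suites),  # False: no explicit list in the descriptor
                "suites": suites,
                "weak": [s for s in suites if WEAK.search(s)],
            })
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE):
        print(finding)
```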
