[teiid-commits] teiid SVN: r3539 - trunk/documentation/admin-guide/src/main/docbook/en-US/content.

teiid-commits at lists.jboss.org teiid-commits at lists.jboss.org
Thu Oct 6 17:06:06 EDT 2011 

Author: rareddy
Date: 2011-10-06 17:06:06 -0400 (Thu, 06 Oct 2011)
New Revision: 3539

Modified:
   trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
Log:
TEIID-1772: adding ability custom configure the cipher suites for ssl connection

Modified: trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml	2011-10-06 20:43:45 UTC (rev 3538)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml	2011-10-06 21:06:06 UTC (rev 3539)
@@ -367,6 +367,8 @@
     <property name="truststorePassword">passwd</property>
     <!--  1-way, 2-way, anonymous -->
     <property name="authenticationMode">1-way</property>
+    <!-- an optional property to constrain the cipher suites to be negotiated between server and client -->
+    <property name="enabledCipherSuites">SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA</property>
 </bean>]]></programlisting>       
 </example>
            <itemizedlist>
@@ -387,6 +389,7 @@
             public key for the client. Depending upon how you created the keystore and truststores, 
             this may be same file as defined under  "keystoreFilename" property.</para></listitem>
             <listitem><para>truststorePassword - password for the truststore. </para></listitem>
+            <listitem><para>enabledCipherSuites - A comma separated list of cipher suites allowed for encryption between server and client</para></listitem>
            </itemizedlist>  
       	<section id="ssl_auth">
       		<title>SSL Authentication Modes</title>
@@ -408,8 +411,9 @@
       	</section>
       	<section id="encryption_strength">
       		<title>Encryption Strength</title>
-      		<para>Both anonymous SSL and login only encryption are configured to use 128 bit AES encryption.  
-      		1-way and 2-way SSL allow for cipher suite negotiation based upon the default cipher suites supported by the respective Java platforms of the client and server.		
+      		<para>Both anonymous SSL and login only encryption are configured to use 128 bit AES encryption by default.  By default,
+      		1-way and 2-way SSL allow for cipher suite negotiation based upon the default cipher suites supported by the respective Java platforms of the client and server.
+            User can restrict the cipher suites used for encryption by specifying the <emphasis>enabledCipherSuites</emphasis> property above in ssl configuration.     		
       		</para>
       	</section> 
     </section>

More information about the teiid-commits mailing list