[jboss-jira] [JBoss JIRA] (AS7-5501) provide means to specify allowed ciphers for management https or change default to exclude weak ciphers

[ https://issues.jboss.org/browse/AS7-5501?page=com.atlassian.jira.plugin.s... ] Michael Yakobi commented on AS7-5501: ------------------------------------- I'm confused - according to http://docs.jboss.org/jbossweb/7.0.x/config/ssl.html, I can specify "ciphers" in the SSL configuration to restrict the supported cipher suites. However, when I try this boot fails saying "ciphers" is unexpected attribute. So I tried using "cipher-suite" instead of "cipher" and it worked - using the following configuration I was able to remove support of weak ciphers: {code:xml} <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false"> <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/> <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true"> <ssl name="ssl" password="changeit" certificate-key-file="${jboss.server.config.dir}/wfa.keystore" cipher-suite="TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" protocol="TLSv1" verify-client="false"/> </connector> <virtual-server name="default-host" enable-welcome-root="true"> <alias name="localhost"/> </virtual-server> </subsystem> {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira