Darran Lofthouse updated WFCORE-2852:
-------------------------------------
Issue Type: Task (was: Bug)
Elytron, specify cipher-suite-filter default
---------------------------------------------
Key: WFCORE-2852
URL: https://issues.jboss.org/browse/WFCORE-2852
Project: WildFly Core
Issue Type: Task
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Blocker
Elytron comes with default use-cipher-suites-order = true.
{code}
"use-cipher-suites-order" => {
"type" => BOOLEAN,
"description" => "To honor local cipher suites preference.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => true,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
{code}
This means the server's cipher suite preference is honored. Because of that, Elytron also has to provide a carefully selected cipher-suite-filter default.
{code}
"cipher-suite-filter" => {
"type" => STRING,
"description" => "The filter to apply to specify the enabled cipher suites.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
{code}
Nowadays the default is just {{org.wildfly.security.ssl.CipherSuiteSelector#openSslDefault()}} ("DEFAULT").
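
Why the two attributes interact, shown as an added example (not part of the issue and not Elytron code): when the server's order is honored, the first entry of the server's enabled list that the client also offers is selected, so the order the filter produces decides the outcome. The class name, the `rank` function and the suite lists are constructed for illustration; only the JSSE `SSLParameters` calls are real API.

```java
import javax.net.ssl.SSLParameters;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;

public class CipherOrderDemo {
    // Illustrative ranking (an assumption, not Elytron's default): lower sorts first.
    static int rank(String suite) {
        boolean forwardSecret = suite.contains("_ECDHE_") || suite.contains("_DHE_");
        boolean aead = suite.contains("_GCM_") || suite.contains("CHACHA20");
        return (forwardSecret ? 0 : 2) + (aead ? 0 : 1);
    }

    // The side whose order is honored picks its first suite that the peer also lists.
    static String negotiate(List<String> server, List<String> client, boolean honorServerOrder) {
        List<String> deciding = honorServerOrder ? server : client;
        List<String> other = honorServerOrder ? client : server;
        return deciding.stream().filter(other::contains).findFirst().orElse(null);
    }

    public static void main(String[] args) {
        // Constructed sample lists, not taken from any real deployment.
        List<String> serverEnabled = List.of(
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        List<String> clientOffer = List.of(
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_RSA_WITH_AES_128_CBC_SHA");

        // Client order honored: the client's first choice is selected.
        System.out.println(negotiate(serverEnabled, clientOffer, false));
        // Server order honored with an unsorted enabled list: the server's first entry is selected.
        System.out.println(negotiate(serverEnabled, clientOffer, true));

        // Sorting the enabled list by rank changes what server preference selects.
        List<String> ordered = serverEnabled.stream()
            .sorted(Comparator.comparingInt(CipherOrderDemo::rank))
            .collect(Collectors.toList());
        System.out.println(negotiate(ordered, clientOffer, true));

        // The same ordered list applied to plain JSSE parameters with server order honored.
        SSLParameters params = new SSLParameters(ordered.toArray(new String[0]));
        params.setUseCipherSuitesOrder(true);
        System.out.println(String.join(",", params.getCipherSuites()));
    }
}
```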