Ron Sigal [http://community.jboss.org/people/ron.sigal%40jboss.com] replied to the discussion "Disable Weak Ciphers for PCI-DSS" To view the discussion, visit: http://community.jboss.org/message/539915#539915 -------------------------------------------------------------- Hi Sunil Updating is just a matter of replacing jboss-remoting.jar.  In the context of the Application Server (4.2.x), you want to replace it in $JBOSS_HOME/server/$CONFIG/lib and $JBOSS_HOME/client.  Note, also, that client/jbossall-client.jar contains the Remoting files, so you would want to put jboss-remoting.jar in front of jbossall-client.jar on the classpath. In principle, it should be possible to just drop in a new jboss-remoting.jar.  I've heard of people using Remoting 2.4/2.5 with AS 4.2.x, and I'm not aware of any problems.  No warranty, of course. There's another alternative, though.  You can configure Remoting to use a custom ServerSocketFactory, so you could write a ServerSocketFactory which sets the enabledCipherSuites property before returning the ServerSocket.  See Section 5.7.3. "Server side configuration in the JBoss Application Server" in the Remoting Guide: http://docs.jboss.org/jbossremoting/2.2.3.SP2/html/ http://docs.jboss.org/jbossremoting/2.2.3.SP2/html/ -Ron -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/539915#539915] Start a new discussion in JBoss Remoting at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]