[jboss-jira] [JBoss JIRA] (AS7-5501) provide means to specify allowed ciphers for management https or change default to exclude weak ciphers

Michael Yakobi (JIRA) jira-events at lists.jboss.org
Sun Jan 27 17:45:47 EST 2013


    [ https://issues.jboss.org/browse/AS7-5501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12750699#comment-12750699 ] 

Michael Yakobi commented on AS7-5501:
-------------------------------------

I'm confused - according to http://docs.jboss.org/jbossweb/7.0.x/config/ssl.html, I can specify "ciphers" in the SSL configuration to restrict the supported cipher suites.
However, when I try this, boot fails saying "ciphers" is an unexpected attribute.

So I tried using "cipher-suite" instead of "cipher" and it worked - using the following configuration I was able to remove support of weak ciphers:
{code:xml}
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
        <ssl name="ssl" password="changeit" certificate-key-file="${jboss.server.config.dir}/wfa.keystore" cipher-suite="TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" protocol="TLSv1" verify-client="false"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
    </virtual-server>
</subsystem>
{code}
                
> provide means to specify allowed ciphers for management https or change default to exclude weak ciphers
> -------------------------------------------------------------------------------------------------------
>
>                 Key: AS7-5501
>                 URL: https://issues.jboss.org/browse/AS7-5501
>             Project: Application Server 7
>          Issue Type: Feature Request
>          Components: Domain Management, Security
>    Affects Versions: 7.1.2.Final (EAP)
>            Reporter: R Stokoe
>            Assignee: Darran Lofthouse
>             Fix For: 7.3.0.Alpha1
>
>
> Provide means to specify allowed ciphers for management https.
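
An added example, not part of the original comment or of the JBoss project: a Python check that reads a web subsystem configuration like the one quoted above and reports, per connector, whether `cipher-suite` is set, which listed suites match a weak-name policy, and whether the rejected `ciphers` attribute is present. The sample XML, its connector names and the `WEAK_MARKERS` policy are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Assumed local policy: name fragments of cipher suites to reject.
WEAK_MARKERS = ("_NULL_", "_anon_", "_EXPORT", "_RC4_", "_DES_", "_3DES_", "_MD5")

# Constructed sample, modelled on the web subsystem layout quoted above.
SAMPLE_CONFIG = """
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="ssl" cipher-suite="TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5" protocol="TLSv1"/>
  </connector>
  <connector name="https-default" protocol="HTTP/1.1" scheme="https" socket-binding="https2" secure="true">
    <ssl name="ssl2" protocol="TLSv1"/>
  </connector>
  <connector name="https-typo" protocol="HTTP/1.1" scheme="https" socket-binding="https3" secure="true">
    <ssl name="ssl3" ciphers="TLS_RSA_WITH_AES_256_CBC_SHA"/>
  </connector>
</subsystem>
"""

def _local(tag):
    """Strip the XML namespace so any web subsystem schema version matches."""
    return tag.rsplit("}", 1)[-1]

def audit_connectors(xml_text):
    """Return {connector name: finding} for each connector with an <ssl> child."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter():
        if _local(conn.tag) != "connector":
            continue
        ssl = next((c for c in conn if _local(c.tag) == "ssl"), None)
        if ssl is None:
            continue  # plain HTTP connector, nothing to audit
        suites = [s.strip() for s in ssl.get("cipher-suite", "").split(",") if s.strip()]
        findings[conn.get("name")] = {
            "explicit": bool(suites),  # False: the runtime's default suite list applies
            "weak": [s for s in suites if any(m in s for m in WEAK_MARKERS)],
            "misnamed": "ciphers" in ssl.attrib,  # attribute the comment reports as rejected at boot
        }
    return findings

if __name__ == "__main__":
    for name, finding in audit_connectors(SAMPLE_CONFIG).items():
        print(name, finding)
```

A connector reported with `explicit` set to False has no restriction of its own, so the suites it offers depend on the JVM defaults.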
