[jboss-jira] [JBoss JIRA] (WFLY-6875) Add ssl-enabled-protocol configuration parameter to IIOP subsystem

Tomasz Adamski (JIRA) issues at jboss.org
Sun Jul 24 13:35:00 EDT 2016 

     [ https://issues.jboss.org/browse/WFLY-6875?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tomasz Adamski updated WFLY-6875:
---------------------------------
    Description: Add ability to specify allowed version of TLS/SSL protocol used by secured socket to iiop-openjdk subsystem. We need such configuration to be able to make sure that there is a possibility to turn off specific versions of protocol used (f.e. SSLv3 protocol to avoid POODLE attack). In most virtual machines (oracle and openjdk included) this change has been done already inside JVM configuration. Nevertheless adding such parameter to the subsystem will make it possible to configure this parameter independently of JVM making it secure no matter what JVM implementation is used.  (was: Add ability to specify allowed version of TLS/SSL protocol used by secured socket to iiop-openjdk subsystem. We need such configuration to be able to make sure that there is a possibility to turn off specific versions of protocol used (f.e. SSLv3 protocol to avoid POODLE attack). In most virtual machines (oracle and openjdk included) this change has been done already inside JVM configuration. Nevertheless adding such parameter to the subsystem will make it possible to configure this parameter no matter which JVM is used.)


> Add ssl-enabled-protocol configuration parameter to IIOP subsystem
> ------------------------------------------------------------------
>
>                 Key: WFLY-6875
>                 URL: https://issues.jboss.org/browse/WFLY-6875
>             Project: WildFly
>          Issue Type: Enhancement
>          Components: IIOP
>    Affects Versions: 10.0.0.Final
>            Reporter: Tomasz Adamski
>            Assignee: Tomasz Adamski
>
> Add ability to specify allowed version of TLS/SSL protocol used by secured socket to iiop-openjdk subsystem. We need such configuration to be able to make sure that there is a possibility to turn off specific versions of protocol used (f.e. SSLv3 protocol to avoid POODLE attack). In most virtual machines (oracle and openjdk included) this change has been done already inside JVM configuration. Nevertheless adding such parameter to the subsystem will make it possible to configure this parameter independently of JVM making it secure no matter what JVM implementation is used.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list