[jboss-jira] [JBoss JIRA] (WFLY-8443) Elytron, specify cipher-suite-filter default
Martin Choma (JIRA)
issues at jboss.org
Fri Mar 24 02:25:00 EDT 2017
Martin Choma created WFLY-8443:
----------------------------------
Summary: Elytron, specify cipher-suite-filter default
Key: WFLY-8443
URL: https://issues.jboss.org/browse/WFLY-8443
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Blocker
Elytron comes with default use-cipher-suites-order = true.
{code}
"use-cipher-suites-order" => {
"type" => BOOLEAN,
"description" => "To honor local cipher suites preference.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => true,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
{code}
It means honor server cipher suites preference. Because of that Elytron has to provide also some carefully selected cipher-suite-filter default
{code}
"cipher-suite-filter" => {
"type" => STRING,
"description" => "The filter to apply to specify the enabled cipher suites.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
{code}
Nowadays default is just {{org.wildfly.security.ssl.CipherSuiteSelector#openSslDefault()}} ("DEFAULT")
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list