[jboss-jira] [JBoss JIRA] (WFCORE-2852) Elytron, specify cipher-suite-filter default

Darran Lofthouse (JIRA) issues at jboss.org
Mon May 22 06:50:01 EDT 2017


     [ https://issues.jboss.org/browse/WFCORE-2852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse moved WFLY-8443 to WFCORE-2852:
------------------------------------------------

        Project: WildFly Core  (was: WildFly)
            Key: WFCORE-2852  (was: WFLY-8443)
    Component/s: Security
                     (was: Security)


> Elytron, specify cipher-suite-filter default 
> ---------------------------------------------
>
>                 Key: WFCORE-2852
>                 URL: https://issues.jboss.org/browse/WFCORE-2852
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> Elytron comes with default use-cipher-suites-order = true. 
> {code}
> 	"use-cipher-suites-order" => {
> 	    "type" => BOOLEAN,
> 	    "description" => "To honor local cipher suites preference.",
> 	    "expressions-allowed" => true,
> 	    "required" => false,
> 	    "nillable" => true,
> 	    "default" => true,
> 	    "access-type" => "read-write",
> 	    "storage" => "configuration",
> 	    "restart-required" => "resource-services"
> 	}
> {code}
> This means the server's cipher suite preference is honored. Because of that, Elytron also has to provide a carefully selected cipher-suite-filter default.
> {code}
> 	"cipher-suite-filter" => {
>             "type" => STRING,
>             "description" => "The filter to apply to specify the enabled cipher suites.",
>             "expressions-allowed" => true,
>             "required" => false,
>             "nillable" => true,
>             "min-length" => 1L,
>             "max-length" => 2147483647L,
>             "access-type" => "read-write",
>             "storage" => "configuration",
>             "restart-required" => "resource-services"
>         }
> {code}
> Nowadays the default is just {{org.wildfly.security.ssl.CipherSuiteSelector#openSslDefault()}} ("DEFAULT").



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
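
Added example, not part of the original message and not Elytron code: with server-side ordering enabled, the server's enabled list is the negotiation preference order, so an unordered or overly broad list decides which suite gets picked. The sketch uses plain JSSE and assumes the attribute means the same as `SSLParameters.setUseCipherSuitesOrder(true)`; the class name, filter and ranking are a hypothetical policy, not the default the issue asks for.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

public class ServerCipherOrder {

    // Hypothetical filter: drop suites without authentication or encryption,
    // and suites built on legacy ciphers or MACs.
    static boolean acceptable(String suite) {
        return !(suite.contains("_anon_") || suite.contains("_NULL_")
                || suite.contains("_RC4_") || suite.contains("DES_")
                || suite.contains("_EXPORT_") || suite.endsWith("_MD5"));
    }

    // Hypothetical ranking, lower is preferred: TLS 1.3 suites, then forward
    // secrecy with AEAD, then forward secrecy, then AEAD, then the rest.
    static int rank(String suite) {
        boolean aead = suite.contains("_GCM_") || suite.contains("CHACHA20");
        boolean tls13 = !suite.contains("_WITH_"); // TLS 1.3 names carry no key exchange
        boolean fs = suite.contains("_ECDHE_") || suite.contains("_DHE_");
        if (tls13 && aead) return 0;
        if (fs && aead) return 1;
        if (fs) return 2;
        if (aead) return 3;
        return 4;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // act as the server side

        List<String> ordered = new ArrayList<>();
        for (String s : engine.getSupportedCipherSuites()) {
            if (acceptable(s)) ordered.add(s);
        }
        // List.sort is stable, so the provider's order is kept within a rank.
        ordered.sort(Comparator.comparingInt(ServerCipherOrder::rank));

        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(ordered.toArray(new String[0]));
        params.setUseCipherSuitesOrder(true); // honor the local (server) order
        engine.setSSLParameters(params);

        for (String s : engine.getEnabledCipherSuites()) System.out.println(s);
    }
}
```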

