[jboss-jira] [JBoss JIRA] (ELY-1607) Revise cipher suites exposed by Elytron

[Justin Cook (JIRA)]

    [ https://issues.jboss.org/browse/ELY-1607?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13604704#comment-13604704 ] 

Justin Cook commented on ELY-1607:
----------------------------------

[~mchoma] What would be the proper procedure for testing the cipher suites? I'm currently following the procedure outlined in https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-EnableOnewaySSL%2FTLSforApplications and connecting to https://localhost:8443/ but I get the error SSL_ERROR_INTERNAL_ERROR_ALERT in Firefox and ERR_SSL_PROTOCOL_ERROR in Chrome for both pre-existing cipher suites and added cipher suites.

> Revise cipher suites exposed by Elytron
> ---------------------------------------
>
>                 Key: ELY-1607
>                 URL: https://issues.jboss.org/browse/ELY-1607
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 1.4.0.Final
>            Reporter: Martin Choma
>            Assignee: Justin Cook
>            Priority: Blocker
>             Fix For: 1.4.1.CR1
>
>
> I know there have been discussed earlier we should revise/update database and defaults regularly.
> Checking few ciphersuites from java cipher suite list [1]. I have noticed:
> *    Elytron is missing CHACHA20 variants introduced in rfc 7905
> *    missing ciphersuites from RFC 6209
> *    ...
> Please revise content of MechanismDatabase.properties
> [1] https://docs.oracle.com/javase/10/docs/specs/security/standard-names.html#jsse-cipher-suite-names



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)