[jboss-user] [Security & JAAS/JBoss] - SSL Ciphers
simvtran
do-not-reply at jboss.com
Thu May 8 17:07:25 EDT 2008
OS: Linux
Test1: JBoss-4.0.2 with jdk 1.4
Test2: JBoss-4.3.0-eap with jdk 1.5
I tested both setup and SSL ciphers for 256-bit was not seen by the security scan. I currently have the following SSL ciphers in the server.xml file:
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
When the server is scanned, the 128-bit is picked up. However, when I change it to use 256-bit, the scan doesn't see the 256-bit. What do I need to use the 256-bit ciphers? Are there any other ciphers I am missing, beside the anonymous ciphers?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4149601#4149601
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4149601
More information about the jboss-user
mailing list