[jboss-user] [JBoss Remoting] - Disable Weak Ciphers for PCI-DSS

[Ron Sigal]

Ron Sigal [http://community.jboss.org/people/ron.sigal%40jboss.com] replied to the discussion

"Disable Weak Ciphers for PCI-DSS"

To view the discussion, visit: http://community.jboss.org/message/539915#539915

--------------------------------------------------------------
Hi Sunil


> 1. Update the Remoting.jar to to 2.4.x  version but I did not find any document to do this( I was also worried about it's impact on my swing clients and webservice).

Updating is just a matter of replacing jboss-remoting.jar.  In the context of the Application Server (4.2.x), you want to replace it in $JBOSS_HOME/server/$CONFIG/lib and $JBOSS_HOME/client.  Note, also, that client/jbossall-client.jar contains the Remoting files, so you would want to put jboss-remoting.jar in front of jbossall-client.jar on the classpath.

In principle, it should be possible to just drop in a new jboss-remoting.jar.  I've heard of people using Remoting 2.4/2.5 with AS 4.2.x, and I'm not aware of any problems.  No warranty, of course.

There's another alternative, though.  You can configure Remoting to use a custom ServerSocketFactory, so you could write a ServerSocketFactory which sets the enabledCipherSuites property before returning the ServerSocket.  See Section 5.7.3. "Server side configuration in the JBoss Application Server" in the Remoting Guide:  http://docs.jboss.org/jbossremoting/2.2.3.SP2/html/ http://docs.jboss.org/jbossremoting/2.2.3.SP2/html/

-Ron

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/539915#539915]

Start a new discussion in JBoss Remoting at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2050]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100427/33746686/attachment.html