-
1. Re: How to disable weak ciphers in Jboss as 7?
sarula Sep 24, 2012 2:37 AM (in response to sarula)Bump, anyone can help?
-
2. Re: How to disable weak ciphers in Jboss as 7?
michaelyaakoby Jan 27, 2013 5:42 PM (in response to sarula)After reading that this ins't yet supported in JBoss 7, I did some trail and error and got this to work by specifying "cipher-suite" instead of "cipher-suites" as you wrote above or "ciphers" as documented in http://docs.jboss.org/jbossweb/7.0.x/config/ssl.html.
{code:xml}
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="ssl" password="changeit" certificate-key-file="${jboss.server.config.dir}/wfa.keystore" cipher-suite="TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" protocol="TLSv1" verify-client="false"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
</virtual-server>
</subsystem>
{code}
Note that accordig to https://issues.jboss.org/browse/AS7-5501 this isn't yet supported - so I don't really understand how come it is working for me
-
3. Re: How to disable weak ciphers in Jboss as 7?
dlofthouse Jan 28, 2013 4:20 AM (in response to michaelyaakoby)The reason that it is working for you is because you are configuring JBoss Web which is supported - the Jira issue is in reference to the HTTP server used for management and the admin console in which case specifying the cipers is not not currently supported.