I am running JBoss EAP version 6.4. I have run into a problem related to the SSL cipher suite. My server's HTTPS connector is configured as below (standalone.xml):
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl password="password"
         certificate-key-file="${jboss.server.config.dir}/test.keystore"
         cipher-suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
                       TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,
                       TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,
                       TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,
                       TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,
                       TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,
                       TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA"/>
</connector>
Now, accessing the server with Firefox version 39 gives the error "On the server key exchange handshake messages SSL received in a weak temporary Diffie-Hellman key (Error Code: ssl_error_weak_server_ephemeral_dh_key)".
I have followed this link and changed the cipher suite list, but it still makes no difference: https://weakdh.org/sysadmin.html
Does anyone have advice on what the problem is and how to resolve it?
Could anybody help with this? What is the safe cipher suite list that can be used in the standalone.xml?
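A check that can be run against a connector like the one in the question, added here as an example and not part of the original post: it parses the `cipher-suite` attribute and separates the suites that use ephemeral finite-field Diffie-Hellman (the `DHE` ones, whose server key is what `ssl_error_weak_server_ephemeral_dh_key` refers to) from the `ECDHE` ones. The sample XML, its placeholder namespace and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a shortened connector in the style of the question,
# wrapped in a placeholder namespace to mimic a full standalone.xml.
SAMPLE = """
<subsystem xmlns="urn:example:placeholder">
  <connector name="https" protocol="HTTP/1.1" scheme="https" secure="true">
    <ssl password="password"
         certificate-key-file="${jboss.server.config.dir}/test.keystore"
         cipher-suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
                       TLS_DHE_DSS_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA"/>
  </connector>
</subsystem>
"""

def local(tag):
    """Drop the XML namespace so elements match regardless of schema version."""
    return tag.rsplit("}", 1)[-1]

def key_exchange(suite):
    """Classify a TLS_<key exchange>_WITH_<cipher> name by its key exchange."""
    m = re.match(r"(?:TLS|SSL)_(.+?)_WITH_", suite)
    kx = m.group(1) if m else ""
    if kx.startswith("ECDHE"):
        return "ECDHE"
    if kx.startswith("DHE") or kx.startswith("DH_anon"):
        return "DHE"  # server sends ephemeral finite-field DH parameters
    return "other"

def audit(xml_text):
    """Return {connector name: {"DHE": [...], "ECDHE": [...], "other": [...]}}."""
    report = {}
    for conn in ET.fromstring(xml_text).iter():
        if local(conn.tag) != "connector":
            continue
        for ssl in (c for c in conn if local(c.tag) == "ssl"):
            groups = {"DHE": [], "ECDHE": [], "other": []}
            # Comma-separated list; entries may carry spaces or line breaks.
            for raw in ssl.get("cipher-suite", "").split(","):
                suite = raw.strip()
                if suite:
                    groups[key_exchange(suite)].append(suite)
            report[conn.get("name")] = groups
    return report

if __name__ == "__main__":
    for name, groups in audit(SAMPLE).items():
        print(name, "ephemeral finite-field DH suites:", groups["DHE"])
```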