1 Reply Latest reply on Oct 24, 2017 3:22 AM by sshashan

    Jboss v7 - Syntax for cipher-suite ?

    mwilcox1

      We have the following lines in our standalone*.xml file: 

      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
        <ssl name="monkey-ssl" password="*****" protocol="TLSv1.2" key-alias="monkeyCA"
             certificate-key-file="/home/monkey/monkey/jboss-as-7.2.0.Final/standalone/configuration/monkey.keystore"
             cipher-suite="HIGH,!aNULL,!MD5,!EDH_RSA_DES_CBC3_SHA,!ECDHE_RSA_DES_CBC3_SHA,!DES_CBC3_SHA,!DHE_RSA_WITH_AES_128_CBC_SHA" />
      </connector>

      Note, the Nmap script ssl-enum-ciphers output is:
      ssl-enum-ciphers:
      TLSv1.0: No supported ciphers found
      TLSv1.2: ciphers:
      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong


      We have some cipher-suite syntax questions:

      1. Are the ! valid? ( cipher-suite="HIGH,!aNULL,!MD5,!EDH_RSA_DES_CBC3_SHA,  )
      2. Is the cipher syntax string correct, e.g. ECDHE_RSA_DES_CBC3_SHA (i.e. is it _ or -)?

       

      How can we ensure NO medium strength ciphers are used?

        • 1. Re: Jboss v7 - Syntax for cipher-suite ?
          sshashan

          We have some cipher-suite syntax questions:

          1. Are the ! valid? ( cipher-suite="HIGH,!aNULL,!MD5,!EDH_RSA_DES_CBC3_SHA,  )

          [Sujay Shashank]: Yes, "!" is a valid cipher suite syntax.

          2. Is the cipher syntax string correct, e.g. ECDHE_RSA_DES_CBC3_SHA (i.e. is it _ or -)?

          [Sujay Shashank]: It is "_".
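
Added example, not part of the original thread: a Python check that parses ssl-enum-ciphers output in the format quoted in the question and flags suites by name rather than by the rating Nmap prints, so the effect of a cipher-suite change can be verified after a restart. The sample text is constructed, and the list of name fragments treated as weaker than high strength (3DES included) is this example's assumption.

```python
import re

# Constructed sample in the format shown in the question, plus one newer-style
# line with a letter grade; not captured from a real host.
SAMPLE = """\
ssl-enum-ciphers:
TLSv1.0: No supported ciphers found
TLSv1.2: ciphers:
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
"""

# Name fragments this example treats as below "high" strength (an assumption
# of the example, independent of whatever rating Nmap prints).
WEAK_MARKERS = ("_3DES_", "_DES_", "_DES40_", "_RC4_", "_RC2_",
                "_NULL_", "_EXPORT_", "_anon_", "_MD5")

# Optional "|", "_" and spaces cover the prefix Nmap puts on script output lines.
PROTO_RE = re.compile(r"^[|_\s]*((?:TLS|SSL)v[\d.]+):")
SUITE_RE = re.compile(r"^[|_\s]*((?:TLS|SSL)_[A-Za-z0-9_]+)\b.*?-\s*(\S+)\s*$")

def audit(nmap_text):
    """Return {protocol: [(suite, nmap_rating, is_weak), ...]}."""
    results, proto = {}, None
    for line in nmap_text.splitlines():
        m = PROTO_RE.match(line)
        if m:
            # A protocol with "No supported ciphers found" keeps an empty list.
            proto = m.group(1)
            results[proto] = []
            continue
        m = SUITE_RE.match(line)
        if m and proto:
            suite, rating = m.groups()
            weak = any(marker in suite for marker in WEAK_MARKERS)
            results[proto].append((suite, rating, weak))
    return results

def weak_suites(nmap_text):
    """Sorted, de-duplicated names of every flagged suite across protocols."""
    return sorted({s for suites in audit(nmap_text).values()
                   for s, _, weak in suites if weak})

if __name__ == "__main__":
    for proto, suites in audit(SAMPLE).items():
        for suite, rating, weak in suites:
            print(f"{proto} {suite} nmap={rating} {'WEAK' if weak else 'ok'}")
```

An empty list from `weak_suites` is the pass condition; any name it returns is still being offered by the connector.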