1 Reply Latest reply on Oct 16, 2013 9:29 AM by Mehran Roodsaz

    Jboss Connector tlsv1.1 support ONLY

    zemt3x Newbie

      Hi,


      I'm trying to create a Java SSL connector to forward only TLSv1.1 connections to my application.


      This is my connector:

           <Connector protocol="org.apache.coyote.http11.Http11Protocol"
                      port="49154" minSpareThreads="5" maxSpareThreads="75"
                      enableLookups="true" disableUploadTimeout="true"
                      acceptCount="100" maxThreads="200"
                      scheme="https" secure="true" SSLEnabled="true"
                      keystoreFile="/.../sslKeyStore.jks"
                      keystorePass="..."
                      clientAuth="true"
                      sslProtocol="TLSv1.1"
                      ciphers="TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA"/>

      But this connector also accepts TLSv1, TLSv1.2 and SSL3.

      Only SSL2 is unsupported.

      If I don't define sslProtocol="..." in my connector I get the same behaviour, which is very strange to me.


      I'm using JDK 7 and, I think, this is why it supports all TLS versions.

           see: http://docs.oracle.com/javase/7/docs/technotes/guides/security/enhancements-7.html

           "The SunJSSE provider now supports TLS 1.1 as described in RFC 4346. The most important update is protection against cipher block chaining (CBC) attacks."


      What I want to achieve is to accept only handshakes using the TLSv1.1 protocol; for other handshakes the connector should say something like this:

           "Unsupported SSL v2.0 ClientHello"

      which is what my connector does for the SSL2 protocol.


      Is it possible?

      The connector runs on JBoss AS 4.2.3, and for the SSL handshake I'm using openssl.


      Regards

      zemt3x
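The behaviour described in the post (sslProtocol="TLSv1.1" still accepting SSL3, TLSv1 and TLSv1.2) comes from how JSSE treats that value: the name passed to SSLContext.getInstance(...) only chooses a context, and the server socket or engine created from it starts with the provider's default list of enabled protocols. What actually decides which ClientHello versions are accepted is that enabled list, set with setEnabledProtocols. The following example is added here to illustrate this and is not code from the original post or from JBoss; it uses only the standard JDK JSSE API (SSLContext and SSLEngine exist in JDK 7), needs no keystore because no handshake is performed, and the class name Tls11Only is my own.

```java
// Added example, not from the original post: shows that the SSLContext protocol
// name does not by itself restrict accepted handshake versions, and how to pin
// the enabled protocol list so that only TLSv1.1 is offered by the server side.
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;

public class Tls11Only {

    // Creates a server-side SSLEngine from a context named by contextProtocol
    // (e.g. "TLSv1.1", as in the connector's sslProtocol attribute) and returns
    // the protocols that are enabled on it before any restriction is applied.
    // On JDK 7 this list is the provider default and normally contains more than
    // the one version the context name suggests, which is what the post observes.
    public static String[] enabledProtocolsFor(String contextProtocol) throws Exception {
        SSLContext ctx = SSLContext.getInstance(contextProtocol);
        ctx.init(null, null, null);          // default key and trust managers; enough for inspection
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);      // server side, like the JBoss connector
        return engine.getEnabledProtocols();
    }

    // Restricts a server-side engine to exactly the given protocol names.
    // A name the provider does not support makes setEnabledProtocols throw
    // IllegalArgumentException, so a typo fails loudly instead of silently
    // leaving the defaults in place. Omitting "SSLv2Hello" means an SSLv2-format
    // ClientHello is rejected, which matches the "Unsupported SSL v2.0 ClientHello"
    // message the post already sees for SSL2.
    public static SSLEngine restrictTo(SSLContext ctx, String... allowed) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setEnabledProtocols(allowed);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Before: same context the connector builds, default enabled list.
        System.out.println("Enabled by default for a TLSv1.1 context: "
                + Arrays.toString(enabledProtocolsFor("TLSv1.1")));

        // After: the enabled list is pinned to TLSv1.1 only.
        SSLContext ctx = SSLContext.getInstance("TLSv1.1");
        ctx.init(null, null, null);
        SSLEngine pinned = restrictTo(ctx, "TLSv1.1");
        System.out.println("After setEnabledProtocols: "
                + Arrays.toString(pinned.getEnabledProtocols()));
    }
}
```

Run it with the JDK the connector uses (java Tls11Only) to see the two lists side by side; the first one explains why the connector negotiates versions other than TLSv1.1. In a connector you cannot call setEnabledProtocols yourself; later Tomcat JSSE connectors expose the same list through the sslEnabledProtocols attribute (this is the Tomcat attribute name, and whether the JBoss Web release bundled with AS 4.2.3 honours it is an assumption to verify against that version's documentation). Whatever knob is used, confirm the result from the outside by attempting handshakes with each version (the openssl client already in use here has per-version options) and checking that only TLSv1.1 completes.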