4 Replies Latest reply on Mar 11, 2015 5:23 PM by Tomaz Cerar

    Is it possible to control server-side SSL cipher order choosing in Undertow?

    Matt Explosion Newbie

      Hello,

       

      In Wildfly/Undertow, for HTTPS listeners, is there any way to make the server choose which SSL cipher to use based on the order in which the ciphers are specified in the configuration? Something equivalent to the Apache SSLHonorCipherOrder setting or the Nginx ssl_prefer_server_ciphers setting, essentially.

       

      The reason why this is, unfortunately, necessary is that our website processes credit cards and needs to be PCI compliant, which means we have to prefer RC4 ciphers over other (ostensibly more secure) ciphers due to the client-side BEAST vulnerability. Currently we have worked around this by disallowing all CBC ciphers, but aside from the fact that this is a horrible solution, I've recently come to understand that Firefox is planning to discontinue support for RC4 some time in the future. (latest FF developer edition, 38.something, has already discontinued RC4 cipher support.)

       

      Thanks much!

       

      -Matt