1 Reply Latest reply on Oct 24, 2017 3:22 AM by sujay shashank

    Jboss v7 - Syntax for cipher-suite ?

    Mike Wilcox Newbie

      We have the following lines in our standalone*.xml file: 

      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true"> <ssl name="monkey-ssl" password="*****" protocol="TLSv1.2" key-alias="monkeyCA" certificate-key-file="/home/monkey/monkey/jboss-as-7.2.0.Final/standalone/configuration/monkey.keystore" cipher-suite="HIGH,!aNULL,!MD5,!EDH_RSA_DES_CBC3_SHA,!ECDHE_RSA_DES_CBC3_SHA,!DES_CBC3_SHA,!DHE_RSA_WITH_AES_128_CBC_SHA"  /> </connector>

      Note, the Nmon script ssl-enum-ciphers output is: 
      ssl-enum-ciphers:
      TLSv1.0: No supported ciphers found
      TLSv1.2: ciphers:
      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong


      We have some cipher-suite syntax questions:

      1. Are the ! valid? ( cipher-suite="HIGH,!aNULL,!MD5,!EDH_RSA_DES_CBC3_SHA,  )
      2. Is the cipher syntax string correct, eg: ECDHE_RSA_DES_CBC3_SHA ( ie is it _ or - ) ?

       

      How can we insure NO medium strength ciphers are used ?