1 Reply Latest reply on Feb 12, 2010 5:01 PM by Chris Mahns

    JBoss 4.2.0 SSL Weak Cipher Suites Supported

    Greg Gillespie Newbie

      Hello,

      I have not had a ton of experience with JBoss and was recently scanning one of our new machines with Nessus and received the "SSL Weak Cipher Suites Supported" vulnerability. I found this website (http://blog.techstacks.com/2008/09/securing-ssl-in-tomcat-part-two.html#comment-form) that seems to explain a fix for Tomcat that I was hoping was the same for JBoss but I cant seem to find any file named server.xml related with JBoss. Does anyone know how to disable the weak ciphers in JBoss or could you point me in the right direction to a solution?

      Thanks!