JBoss 4.2.0 SSL Weak Cipher Suites Supported

thermo144 Mar 11, 2009 10:26 AM

Hello,

I have not had a ton of experience with JBoss and was recently scanning one of our new machines with Nessus and received the "SSL Weak Cipher Suites Supported" vulnerability. I found this website (http://blog.techstacks.com/2008/09/securing-ssl-in-tomcat-part-two.html#comment-form) that seems to explain a fix for Tomcat that I was hoping was the same for JBoss but I cant seem to find any file named server.xml related with JBoss. Does anyone know how to disable the weak ciphers in JBoss or could you point me in the right direction to a solution?

Thanks!

1. Re: JBoss 4.2.0 SSL Weak Cipher Suites Supported

mahnsc Feb 12, 2010 5:01 PM (in response to thermo144)

server.xml is going to be in your ${server.home}/deploy/jboss-web.deployer directory. If you installed jboss to /usr/local/jboss and you're using the default instance, then the path would be /usr/local/jboss/server/default/deploy/jboss-web.deployer
Actions