Hi,

I have configured the SSL connector in: deploy\jbossweb-tomcat55.sar\server.xml and have web services over https working. Now I'm trying to limit the ciphers that can be used on the HTTPS requests and responses.

According to Tomcat documentation here:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
I should be able to use the ciphers attribute in the SSL connector configuration. I believe the values that I can use for the ciphers attribute are those in the last (5th) table of Appendix A of this document:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA
so the SSL connector would look like this:

| <!-- SSL/TLS Connector on port 8443 -->
| <Connector port="8443" address="${jboss.bind.address}"
|      maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
|      emptySessionPath="true"
|      scheme="https" secure="true" clientAuth="true"
|      sslProtocol="TLS"
|      ciphers="TLS_DHE_DSS_WITH_AES_256_CBC_SHA,SSL_DHE_DSS_WITH_RC4_128_SHA"
|      keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
|      keystorePass="password"
|      truststoreFile="${jboss.server.home.dir}/conf/server.keystore"
|      truststorePass="password" />

I've found, however, that I can write trash in the ciphers attribute and the SSL call still succeeds. I can write:

| ciphers="Hi Mom!"

and I get no errors either in the JBoss AS startup or in the HTTPS calls. It seems like the ciphers attribute is being ignored.

Does anybody know how to limit the ciphers used by HTTPS in JBoss AS 4.0.2? (Upgrading to another version of JBoss is currently not an option, as our project is nearing the release date, but I could apply a patch if there is one.)

Thank you very much,
Ernesto

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3939080#3939080
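An added example, not part of the original post and not JBoss or Tomcat code: because a junk ciphers value produces no startup error, a lint over server.xml can flag HTTPS connectors whose cipher list is missing, malformed, or names a suite the JVM does not offer. The sample XML, the misspelled suite name and the supported set are constructed; the assumption is that in real use the set comes from SSLServerSocketFactory.getSupportedCipherSuites() on the server's own JVM.

```python
import re
import xml.etree.ElementTree as ET

# JSSE suite names have the shape TLS_DHE_DSS_WITH_AES_256_CBC_SHA.
SUITE_NAME = re.compile(r"^(TLS|SSL)_[A-Z0-9]+(_[A-Z0-9]+)*$")

# Constructed sample: the post's connector with a junk value and a typo.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="jboss.web">
    <Connector port="8080" address="${jboss.bind.address}" />
    <!-- SSL/TLS Connector on port 8443 -->
    <Connector port="8443" address="${jboss.bind.address}"
               scheme="https" secure="true" clientAuth="true" sslProtocol="TLS"
               ciphers="Hi Mom!,TLS_DHE_DSS_WITH_AES_256_CBC_SHAA" />
  </Service>
</Server>
"""

# Constructed stand-in for the JVM's getSupportedCipherSuites() output.
SAMPLE_SUPPORTED = {"TLS_DHE_DSS_WITH_AES_256_CBC_SHA"}


def audit_ciphers(server_xml, supported):
    """Return {port: findings} for every HTTPS connector in server.xml."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme") != "https" and conn.get("secure") != "true":
            continue  # plain HTTP/AJP connector, no cipher list expected
        raw = conn.get("ciphers")
        names = [n.strip() for n in raw.split(",")] if raw else []
        findings = {
            # False means the attribute is absent and JVM defaults apply.
            "restricted": bool(names),
            "malformed": [n for n in names if not SUITE_NAME.match(n)],
            "unsupported": [n for n in names
                            if SUITE_NAME.match(n) and n not in supported],
        }
        findings["ok"] = (findings["restricted"]
                          and not findings["malformed"]
                          and not findings["unsupported"])
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, result in audit_ciphers(SAMPLE_SERVER_XML, SAMPLE_SUPPORTED).items():
        print(port, result)
```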
