-
Bug
-
Resolution: Done
-
Blocker
-
7.1.0.DR15
Elytron comes with default use-cipher-suites-order = true.
"use-cipher-suites-order" => { "type" => BOOLEAN, "description" => "To honor local cipher suites preference.", "expressions-allowed" => true, "required" => false, "nillable" => true, "default" => true, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "resource-services" }
It means honor server cipher suites preference. Because of that Elytron has to provide also some carefully selected cipher-suite-filter default
"cipher-suite-filter" => { "type" => STRING, "description" => "The filter to apply to specify the enabled cipher suites.", "expressions-allowed" => true, "required" => false, "nillable" => true, "min-length" => 1L, "max-length" => 2147483647L, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "resource-services" }
Nowadays default is just org.wildfly.security.ssl.CipherSuiteSelector#openSslDefault() ("DEFAULT")
Setting to blocker as it blocks RFE verification.
- incorporates
-
ELY-1182 Update CipherSuite DEFAULT to match latest OpenSSL default
-
- Resolved
-
- is cloned by
-
-
- Resolved
-
- is incorporated by
-
JBEAP-11068 Upgrade WildFly Elytron to 1.1.0.Beta45
-
- Verified
-
-
-
- Verified
-
- is related to
-
-
- Closed
-
