Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2852

Elytron, specify cipher-suite-filter default

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Blocker Blocker
    • 3.0.0.Beta23
    • None
    • Security
    • None

      Elytron comes with default use-cipher-suites-order = true.

      	"use-cipher-suites-order" => {
      	    "type" => BOOLEAN,
      	    "description" => "To honor local cipher suites preference.",
      	    "expressions-allowed" => true,
      	    "required" => false,
      	    "nillable" => true,
      	    "default" => true,
      	    "access-type" => "read-write",
      	    "storage" => "configuration",
      	    "restart-required" => "resource-services"
      	}
      

      It means honor server cipher suites preference. Because of that Elytron has to provide also some carefully selected cipher-suite-filter default

      	"cipher-suite-filter" => {
                  "type" => STRING,
                  "description" => "The filter to apply to specify the enabled cipher suites.",
                  "expressions-allowed" => true,
                  "required" => false,
                  "nillable" => true,
                  "min-length" => 1L,
                  "max-length" => 2147483647L,
                  "access-type" => "read-write",
                  "storage" => "configuration",
                  "restart-required" => "resource-services"
              }
      

      Nowadays default is just org.wildfly.security.ssl.CipherSuiteSelector#openSslDefault() ("DEFAULT")

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: