-
Task
-
Resolution: Done
-
Blocker
-
None
-
None
Elytron comes with default use-cipher-suites-order = true.
"use-cipher-suites-order" => { "type" => BOOLEAN, "description" => "To honor local cipher suites preference.", "expressions-allowed" => true, "required" => false, "nillable" => true, "default" => true, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "resource-services" }
It means honor server cipher suites preference. Because of that Elytron has to provide also some carefully selected cipher-suite-filter default
"cipher-suite-filter" => { "type" => STRING, "description" => "The filter to apply to specify the enabled cipher suites.", "expressions-allowed" => true, "required" => false, "nillable" => true, "min-length" => 1L, "max-length" => 2147483647L, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "resource-services" }
Nowadays default is just org.wildfly.security.ssl.CipherSuiteSelector#openSslDefault() ("DEFAULT")
- clones
-
JBEAP-9871 Elytron, specify cipher-suite-filter default
- Closed