Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
15.0.0.Final, 15.0.1.Final
-
None
Description
When using the "openssl" provider, the cipher-suite-filter is respected by undertow, but ignored by iiop-openjdk (modified standalone-full.xml):
<server-ssl-contexts>
<server-ssl-context name="openssl-serversslcontext" cipher-suite-filter="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256" protocols="TLSv1.2" key-manager="wildfly-keymanager" providers="openssl"/>
</server-ssl-contexts>
<client-ssl-contexts>
<client-ssl-context name="iiop-clientsslcontext" cipher-suite-filter="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256" protocols="TLSv1.2" trust-manager="jvm-trustmanager"/>
</client-ssl-contexts>
</tls>
</subsystem>
<subsystem xmlns="urn:jboss:domain:iiop-openjdk:2.1">
<orb socket-binding="iiop" ssl-socket-binding="iiop-ssl"/>
<initializers security="identity" transactions="spec"/>
<security support-ssl="true" server-ssl-context="openssl-serversslcontext" client-ssl-context="iiop-clientsslcontext" server-requires-ssl="true" client-requires-ssl="false"/>
<interop iona="true"/>
</subsystem>
See also:
