Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
15.0.0.Final, 15.0.1.Final
-
None
Description
When using the "openssl" provider, the cipher-suite-filter is respected by undertow, but ignored by iiop-openjdk (modified standalone-full.xml):
<server-ssl-contexts> <server-ssl-context name="openssl-serversslcontext" cipher-suite-filter="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256" protocols="TLSv1.2" key-manager="wildfly-keymanager" providers="openssl"/> </server-ssl-contexts> <client-ssl-contexts> <client-ssl-context name="iiop-clientsslcontext" cipher-suite-filter="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256" protocols="TLSv1.2" trust-manager="jvm-trustmanager"/> </client-ssl-contexts> </tls> </subsystem> <subsystem xmlns="urn:jboss:domain:iiop-openjdk:2.1"> <orb socket-binding="iiop" ssl-socket-binding="iiop-ssl"/> <initializers security="identity" transactions="spec"/> <security support-ssl="true" server-ssl-context="openssl-serversslcontext" client-ssl-context="iiop-clientsslcontext" server-requires-ssl="true" client-requires-ssl="false"/> <interop iona="true"/> </subsystem>
See also: