  1. WildFly Core
  2. WFCORE-2852

Elytron, specify cipher-suite-filter default

Details

    • Task
    • Resolution: Done
    • Blocker
    • 3.0.0.Beta23
    • None
    • Security
    • None

    Description

      Elytron comes with default use-cipher-suites-order = true.

      	"use-cipher-suites-order" => {
      	    "type" => BOOLEAN,
      	    "description" => "To honor local cipher suites preference.",
      	    "expressions-allowed" => true,
      	    "required" => false,
      	    "nillable" => true,
      	    "default" => true,
      	    "access-type" => "read-write",
      	    "storage" => "configuration",
      	    "restart-required" => "resource-services"
      	}
      

      This means the server's cipher suite preference is honored. Because of that, Elytron also has to provide a carefully selected cipher-suite-filter default.

      	"cipher-suite-filter" => {
      	    "type" => STRING,
      	    "description" => "The filter to apply to specify the enabled cipher suites.",
      	    "expressions-allowed" => true,
      	    "required" => false,
      	    "nillable" => true,
      	    "min-length" => 1L,
      	    "max-length" => 2147483647L,
      	    "access-type" => "read-write",
      	    "storage" => "configuration",
      	    "restart-required" => "resource-services"
      	}
      

      Nowadays the default is just org.wildfly.security.ssl.CipherSuiteSelector#openSslDefault() ("DEFAULT").
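
An added example, not part of the issue and not Elytron code: a small Python model of suite selection showing why, once the server's order is honored, the order produced by cipher-suite-filter decides the outcome. The suite lists, client names and the weak-suite markers are constructed assumptions, not Elytron's actual expansion of "DEFAULT".

```python
# Added illustration: how use-cipher-suites-order changes which suite is picked.
# All suite lists and client names are constructed samples, not Elytron's
# actual expansion of "DEFAULT".

WEAK_MARKERS = ("_RC4_", "_3DES_", "_NULL_", "_EXPORT_")  # assumed heuristic

def negotiate(server_suites, client_suites, use_cipher_suites_order=True):
    """Pick the suite for one handshake; None if nothing is shared.

    True  -> first entry of the server's ordered list that the client offers.
    False -> first entry of the client's ordered list that the server enables.
    """
    if use_cipher_suites_order:
        ordered, allowed = server_suites, set(client_suites)
    else:
        ordered, allowed = client_suites, set(server_suites)
    return next((s for s in ordered if s in allowed), None)

def is_weak(suite):
    return any(marker in suite for marker in WEAK_MARKERS)

def audit_order(server_suites, clients):
    """Report clients pushed onto a weak suite although a strong one is shared."""
    findings = []
    for name, offered in clients.items():
        chosen = negotiate(server_suites, offered, use_cipher_suites_order=True)
        strong = [s for s in offered if s in server_suites and not is_weak(s)]
        if chosen and is_weak(chosen) and strong:
            findings.append((name, chosen, strong[0]))
    return findings

GCM = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
CBC = "TLS_RSA_WITH_AES_128_CBC_SHA"
TDES = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"

UNSORTED_FILTER_RESULT = [TDES, CBC, GCM]   # weak suite ranked first
CURATED_FILTER_RESULT = [GCM, CBC, TDES]    # strongest first
CLIENTS = {"modern": [GCM, CBC, TDES], "legacy": [TDES]}

if __name__ == "__main__":
    for label, order in (("unsorted", UNSORTED_FILTER_RESULT),
                         ("curated", CURATED_FILTER_RESULT)):
        print(label, audit_order(order, CLIENTS))
```

The "legacy" client is not reported in either case because it shares no strong suite with the server; only the filter's contents, not its order, can change that outcome.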

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma