Sriks

Reputation: 678

Does JBoss 6.x support TLS1.2?

Does JBoss 6.x support TLS1.2 (Transport Layer Security)?

If so, where and how do I configure it? I got some information from JBoss, but it is not concrete info on whether it supports TLS1.2.

http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html_single/index.html

Because mapping goes like this.

<!-- SSL/TLS Connector with encrypted keystore password configuration  -->
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
SSLPassword="KAaxoMQCJH30GZWb96Mov"
securityDomain="encrypt-keystore-password"
SSLCertificateFile="server.crt"
SSLCertificateKeyFile="server.pem" SSLProtocol="TLSv1" />

Upvotes: 1

Views: 18060

Answers (2)

Sushil Behera

Reputation: 981

It does not depend on the JBoss version. What matters is which JDK version you are using.

If you are using JDK 7, then yes, it supports it. If you are using JDK 6, then use a minor version greater than 110, which supports TLS1.2.

Below are the things you need to do.

  • Upgrade the JDK version if required.
  • Change the SSLProtocol parameter to TLSv1.2 in your server.xml
  • Add the line below to the file /apps_01/webapps/JBoss/conf/XXXXXXXX_server0/security/java.security

jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, TLSv1, TLSv1.1

Validation: run each of the commands below. If a command returns a cipher, the protocol is enabled. If it returns cipher 0000, the protocol is disabled.

openssl s_client -connect <IP>:<port>
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-SHA

openssl s_client -connect <IP>:<port> -tls1_2
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-SHA

openssl s_client -connect <IP>:<port> -ssl3
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000

openssl s_client -connect <IP>:<port> -tls1
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000

openssl s_client -connect <IP>:<port> -tls1_1
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : 0000

Upvotes: 1
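
The validation rule from the answer above (a named cipher means the protocol is enabled, cipher 0000 means it is disabled), as an added shell example that is not part of the original answer. The function names `classify_session`, `probe_all`, `sample_enabled` and `sample_disabled` are hypothetical, and the sample outputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: classify `openssl s_client` output with the answer's rule.

# classify_session: read s_client output on stdin and print
# "<protocol> enabled <cipher>", "<protocol> disabled" or "unknown".
classify_session() {
    awk '
        # Match only the indented "Protocol :" / "Cipher :" lines of the
        # SSL-Session block, then keep the value after the colon.
        /^[ \t]+Protocol[ \t]*:/ { sub(/^[^:]*:[ \t]*/, ""); gsub(/[ \t\r]+$/, ""); proto = $0 }
        /^[ \t]+Cipher[ \t]*:/   { sub(/^[^:]*:[ \t]*/, ""); gsub(/[ \t\r]+$/, ""); cipher = $0 }
        END {
            # No session block at all: connection refused, or the local
            # openssl build rejected the flag. That says nothing about the server.
            if (proto == "" || cipher == "") { print "unknown"; exit }
            if (cipher == "0000") print proto, "disabled"
            else                  print proto, "enabled", cipher
        }'
}

# probe_all HOST:PORT: run the five probes listed in the answer.
probe_all() {
    target=$1
    for flag in "" -tls1_2 -tls1_1 -tls1 -ssl3; do
        # </dev/null closes stdin so s_client exits after the handshake.
        result=$(openssl s_client -connect "$target" $flag </dev/null 2>/dev/null | classify_session)
        printf '%-8s %s\n' "${flag:-default}" "$result"
    done
}

# Constructed sample outputs in the format shown in the answer
# (not captured from a real server).
sample_enabled() {
    printf 'SSL-Session:\n    Protocol  : TLSv1.2\n    Cipher    : AES128-SHA\n'
}
sample_disabled() {
    printf 'SSL-Session:\n    Protocol  : SSLv3\n    Cipher    : 0000\n'
}

sample_enabled  | classify_session
sample_disabled | classify_session
```

After applying the java.security change, `probe_all <IP>:<port>` should report only the TLSv1.2 probes as enabled.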

eis

Reputation: 53553

JBoss Web, used by JBoss 6.x, is a fork of Tomcat, so based on this Tomcat answer, if you upgrade to Java 7 you should be able to use 1.2.

To test:

  • Use Java 7 on the server (this can be seen in the JBoss startup params)
  • Change the SSLProtocol parameter to TLSv1.2 in your server.xml
  • Surf to your server using a browser, and check the SSL connection details - it should say TLS 1.2

(Future readers, note that WildFly is no longer based on a Tomcat fork, but on Undertow.)

Upvotes: 2
