security ssl tls1.2 jboss5.x

Configuration for TLS implementation on JBoss 5.1


I have a JBoss 5.1 server on which I have to implement TLS security, if possible TLSv1.2.

Currently using SSL, want it to be upgraded to TLS.

Tried digging through the JBoss guide and other sites, but could not find anything solid on this. Found something like this, but it seems it is not working:

<Connector protocol="HTTP/1.1" SSLEnabled="true" 
port="8543" address="${jboss.bind.address}" scheme="https" secure="true" clientAuth="false" 
keystoreFile="/opt/novell/idm/jre/bin/mycert.keystore"
keystorePass="mypassword" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" 
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />

Any help is appreciated


Solution

  • Here's a simplified version. I do see that, according to Red Hat, you're missing the SSLProtocol attribute and value.

    <Connector protocol="HTTP/1.1" SSLEnabled="true" 
           port="8443" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="false" 
           keystoreFile="${jboss.server.home.dir}/conf/keystore.jks"
           keystorePass="password" sslProtocols = "TLSv1,TLSv1.1,TLSv1.2" />
    

    That might not be an issue though because, according to the SO post "how to make jboss 5.1.0 ga meet diffie hellman standards", as I said in my comment, you're likely already using TLS and don't realize it. The OpenSSL test should show you are.

    Update on the sslProtocols = "TLSv1,TLSv1.1,TLSv1.2", I'd recommend going with just TLSv1.2 for security unless you have clients that absolutely have to have older versions.
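
An added example, not part of the original question or answer: a small Python audit that parses the `Connector` elements of a `server.xml` and reports legacy protocol versions and weak cipher suites, tolerating cipher lists wrapped across lines as in the question. The function names, the flagging policy (TLS 1.0/1.1 and older as legacy, RC4/NULL/EXPORT/DES/3DES/anonymous suites as weak) and the sample XML are assumptions of this example; the sample is constructed from the question's connector with placeholder keystore values.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the question's connector (placeholder keystore values).
SAMPLE = """<Server><Service name="jboss.web">
<Connector protocol="HTTP/1.1" SSLEnabled="true" port="8543" scheme="https"
  secure="true" clientAuth="false" keystoreFile="/path/to/keystore"
  keystorePass="changeit" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
  ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
           TLS_ECDHE_RSA_WITH_RC4_128_SHA,
           TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
</Service></Server>"""

PROTOCOL_ATTRS = ("sslProtocols", "sslEnabledProtocols")  # both spellings appear on this page
LEGACY_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}  # example policy
WEAK_CIPHER_MARKERS = ("_RC4_", "_NULL_", "_EXPORT_", "_DES_", "_3DES_", "_anon_")

def split_list(value):
    """Split a comma-separated attribute, tolerating line breaks and padding."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit_connector(conn):
    """Return (port, kind, detail) findings for one SSL-enabled Connector."""
    findings = []
    port = conn.get("port", "?")
    protocols = []
    for attr in PROTOCOL_ATTRS:
        protocols += split_list(conn.get(attr))
    if not protocols:
        findings.append((port, "protocol", "no explicit protocol list"))
    for proto in protocols:
        if proto in LEGACY_PROTOCOLS:
            findings.append((port, "protocol", proto))
    for cipher in split_list(conn.get("ciphers")):
        if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
            findings.append((port, "cipher", cipher))
    return findings

def audit_server_xml(xml_text):
    """Audit every Connector with SSLEnabled="true" in the given server.xml text."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() == "true":
            findings += audit_connector(conn)
    return findings

if __name__ == "__main__":
    for port, kind, detail in audit_server_xml(SAMPLE):
        print(f"port {port}: {kind}: {detail}")
```

An empty result means only that the configuration text passes this policy; what the server actually negotiates still depends on the JVM it runs on.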