Disable weak ciphers for Wildfly 16
26 views
Skip to first unread message
Kim
Jun 9, 2025, 11:13:35 AMJun 9
to WildFly
Hi, I need to disable some weak ciphers and google answers suggested to explicitly declare them in standalone.xml under tag <enabled-cipher-suites>. However, after updating the standalone.xml and the application is scanned through again, seems like weak ciphers are still supported.
My standalone.xml :-
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enabled-cipher-suites="TLS_DHE_RSA_WITH_AES_128_CCM,TLS_DHE_RSA_WITH_AES_128_CCM_8,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CCM,TLS_DHE_RSA_WITH_AES_256_CCM_8,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" enabled-protocols="TLSv1.2" enable-http2="true"/>
Weak ciphers still supported
Is there any ways to disable the weak ciphers for Wildfly 16?
Reply all
Reply to author
Forward
0 new messages