Hi,
Currently we are migrating PicketBox / PicketLink to Elytron. In the past we had the following Undertow configuration to optionally configure the supported TLS protocols from outside the standalone.xml:
<https-listener name="https" security-realm="UndertowRealm" verify-client="${pos.https.verifyClient:NOT_REQUESTED}" enabled-cipher-suites="${pos.https.enabledCipherSuites:HIGH}" enabled-protocols="${pos.https.enabledProtocols:TLSv1,TLSv1.1,TLSv1.2}" enable-http2="true"/>
In Elytron I configure the keystore and key manager within the elytron subsystem, but I have a problem configuring the supported TLS protocols for the server SSL context using the same syntax as in the above example.
<server-ssl-context name="MTLS_Context" cipher-suite-filter="${https.enabledCipherSuites:HIGH}" protocols="${https.enabledProtocols:TLSv1.1,TLSv1.2}" need-client-auth="true" key-manager="My_KeyManager" trust-manager="My_TrustManager"/>
If configuring the protocols without an environment variable, this would look like this:
<server-ssl-context name="MTLS_Context" protocols="TLSv1.1 TLSv1.2" key-manager="My_KeyManager"/>
But using an expression this doesn't work. I tried the following syntax:
${https.enabledProtocols:TLSv1.1,TLSv1.2}
${https.enabledProtocols:TLSv1.1 TLSv1.2}
${https.enabledProtocols:[TLSv1.1 TLSv1.2]}
But nothing works. Either WildFly does not accept the syntax (the last two samples) or Elytron does not split the values correctly (first example).
So how can I configure multiple protocols using the expression syntax?
Regards
Marco
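Whichever expression syntax is finally used for the protocols attribute, the check that matters afterwards is whether the running listener offers exactly the protocol set the configuration intended (and nothing deprecated that slipped through an unresolved expression). The probe below is an added example, not part of Marco's post and not WildFly or Elytron code; it assumes only that the listener is reachable at a host and port you pass in, uses the Python standard library, and disables certificate verification on purpose because the question it answers is "which versions are negotiated", not "is the chain trusted".

```python
"""Probe which TLS protocol versions a listener actually negotiates and
compare the result with the set written in the Elytron `protocols` attribute."""
import socket
import ssl
import warnings

# Protocol names as they appear in the Elytron `protocols` attribute,
# mapped to the matching Python ssl.TLSVersion constants.
PROTOCOLS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

# Versions a hardened listener should no longer offer.
DEPRECATED = {"TLSv1", "TLSv1.1"}


def build_context(name):
    """Client context pinned to exactly one protocol version.

    Verification is disabled because we only care whether the version is
    negotiated at all, not whether the server certificate chains to a CA.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with warnings.catch_warnings():
        # Pinning to TLSv1/TLSv1.1 triggers a DeprecationWarning; that is expected here.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = PROTOCOLS[name]
        ctx.maximum_version = PROTOCOLS[name]
    return ctx


def probe(host, port, name, timeout=3.0):
    """Return True if the server accepts protocol `name`, False if the
    handshake is rejected, None if no TCP connection could be made."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        with build_context(name).wrap_socket(raw, server_hostname=host) as tls:
            return tls.version() is not None
    except (ssl.SSLError, OSError):
        return False


def probe_all(host, port):
    """Probe every known protocol version against one listener."""
    return {name: probe(host, port, name) for name in PROTOCOLS}


def assess(results, expected):
    """Compare probe results with the protocol set the configuration intended.

    `expected` holds the names as written in the `protocols` attribute.
    Returns (unexpected_enabled, deprecated_enabled, missing), each sorted.
    """
    expected = set(expected)
    enabled = {name for name, ok in results.items() if ok}
    return (
        sorted(enabled - expected),
        sorted(enabled & DEPRECATED),
        sorted(expected - enabled),
    )


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <host> <port> TLSv1.2 TLSv1.3   (hypothetical file name)
    host, port, *wanted = sys.argv[1:]
    found = probe_all(host, int(port))
    unexpected, deprecated, missing = assess(found, wanted)
    print("negotiated:", {k: v for k, v in found.items()})
    print("unexpected:", unexpected, "deprecated:", deprecated, "missing:", missing)
```

Run it once against the listener after every change to the expression and its default value: an empty "unexpected" and "deprecated" list plus an empty "missing" list means the attribute resolved to what was intended; a populated "deprecated" list is the symptom to watch for when an expression default silently falls back to a broader set.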