问题描述
如何强制JBoss AS 7通过TLS 1.0提供HTTPS内容?
How do I force JBoss AS 7 to serve HTTPS content over TLS 1.0?
我正在为客户端提供一个使用Spring Security 3的Java应用程序.它托管在JBoss AS 7上.只能通过VPN进行访问,因此我不太担心应用程序或传输层的加密. (也许应该是?)当我的用户尝试连接时,浏览器会拒绝该连接,除非用户明确启用TLS 1.1和TLS 1.2.由于我的用户对这些细微差别不感兴趣,因此我想强迫JBoss恢复到TLS 1.0.
I am providing a Java application that uses Spring Security 3 to clients. It is hosted on JBoss AS 7. It can only be reached over a VPN, so I'm not too concerned with encryption at the application or transport layer. (Perhaps I should be?) When my users try to connect, browsers refuse the connection unless the user explicitly enables TLS 1.1 and TLS 1.2. Since my users aren't interested in these nuances, I would like to force JBoss to revert back to TLS 1.0.
如何强制JBoss AS 7通过TLS 1.0提供HTTPS内容?
How do I force JBoss AS 7 to serve HTTPS content over TLS 1.0?
我的网络域设置如下:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
<ssl password="myPassword" certificate-key-file="myKeyFile.jks" protocol="TLSv1" verify-client="false" certificate-file="myCertFile"/>
</connector>
我的套接字绑定组设置如下:
My socket binding group is set up as follows:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="http" port="8080"/>
<socket-binding name="https" port="8443"/>
....
</socket-binding-group>
谢谢.
推荐答案
请参见 https://docs.jboss.org/jbossweb/7.0.x/config/ssl.html
您可以通过使用protocol属性来强制执行TLS.
You can force TLS by making use of the protocol attribute.
The version of the SSL protocol to use. If not specified, Supported values: SSLv2, SSLv3, TLSv1, SSLv2+SSLv3 and ALL. the default is "ALL".
这篇关于如何使用TLS 1.0强制jboss 7作为https服务?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!