2017-07-04 183 views

需要幫助以確保我們的Wildfly 10服務器(安裝在Ubuntu 16.04.1 LTS上)僅支持TLS v1.2及更高版本。如何在Wildfly 10獨立模式下啓用TLS v1.2?

如何查看當前ssl證書版本?

我們是通過編輯standalone.xml文件來配置服務器的,相關部分如下:

<!-- Security realms from standalone.xml. Two realms are defined: ManagementRealm and ApplicationRealm.
     Only ApplicationRealm carries a <server-identities>/<ssl> element; it is the realm named by the
     security-realm attribute of the Undertow https-listener further down in this file. -->
<security-realms> 
     <!-- ManagementRealm: users and groups come from properties files under jboss.server.config.dir.
          No <server-identities>/<ssl> is present in this snippet, so no TLS identity for the
          management interface is configured here. -->
     <security-realm name="ManagementRealm"> 
      <authentication> 
       <local default-user="$local" skip-group-loading="true"/> 
       <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> 
      </authentication> 
      <authorization map-groups-to-roles="false"> 
       <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> 
      </authorization> 
     </security-realm> 
     <security-realm name="ApplicationRealm"> 
      <server-identities> 
       <!-- TLS server identity: key alias "server" in server.keystore.
            No protocol or cipher restriction is set on this element.
            NOTE(review): keystore-password and key-password are literal clear-text values, so anyone
            who can read standalone.xml can open the keystore. Restrict read access to the file and
            prefer a vault expression over a literal; confirm the syntax for this WildFly version.
            A real password that has been pasted into a public post should be rotated. -->
       <ssl> 
        <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="serverpassword" alias="server" key-password="serverpassword"/> 
       </ssl> 
      </server-identities> 
      <authentication> 
       <!-- NOTE(review): allowed-users="*" presumably lets local (same-host) clients authenticate
            under any user name; confirm this is intended for the deployment. -->
       <local default-user="$local" allowed-users="*" skip-group-loading="true"/> 
       <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> 
      </authentication> 
      <authorization> 
       <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> 
      </authorization> 
     </security-realm> 
    </security-realms> 
    <!-- Security subsystem (urn:jboss:domain:security:1.2) declaring four security domains:
         other, jboss-web-policy, jboss-ejb-policy and jaspitest.
         None of the elements shown here carry TLS protocol or cipher settings. -->
    <subsystem xmlns="urn:jboss:domain:security:1.2"> 
     <security-domains> 
      <!-- "other": authentication stack of Remoting (optional) followed by RealmDirect (required),
           both with password-stacking set to useFirstPass.
           NOTE(review): RealmDirect presumably delegates to a security realm; which realm is not
           stated in this snippet, confirm against the server documentation. -->
      <security-domain name="other" cache-type="default"> 
       <authentication> 
        <login-module code="Remoting" flag="optional"> 
         <module-option name="password-stacking" value="useFirstPass"/> 
        </login-module> 
        <login-module code="RealmDirect" flag="required"> 
         <module-option name="password-stacking" value="useFirstPass"/> 
        </login-module> 
       </authentication> 
      </security-domain> 
      <!-- Authorization-only domains for web and EJB deployments, each with one Delegating policy module. -->
      <security-domain name="jboss-web-policy" cache-type="default"> 
       <authorization> 
        <policy-module code="Delegating" flag="required"/> 
       </authorization> 
      </security-domain> 
      <security-domain name="jboss-ejb-policy" cache-type="default"> 
       <authorization> 
        <policy-module code="Delegating" flag="required"/> 
       </authorization> 
      </security-domain> 
      <!-- NOTE(review): jaspitest uses login and auth modules named Dummy and looks like a test
           domain; confirm that no deployment references it. -->
      <security-domain name="jaspitest" cache-type="default"> 
       <authentication-jaspi> 
        <login-module-stack name="dummy"> 
         <login-module code="Dummy" flag="optional"/> 
        </login-module-stack> 
        <auth-module code="Dummy"/> 
       </authentication-jaspi> 
      </security-domain> 
     </security-domains> 
    </subsystem> 
    <subsystem xmlns="urn:jboss:domain:undertow:3.0"> 
     <buffer-cache name="default"/> 
     <!-- Undertow server "default-server": one plain HTTP listener and one HTTPS listener,
          plus the default virtual host. -->
     <server name="default-server"> 
      <!-- Plain HTTP listener on the "http" socket binding; redirect-socket names the "https" binding.
           NOTE(review): the redirect presumably applies only where a deployment demands a
           confidential transport, so plain HTTP may stay reachable otherwise; confirm. -->
      <http-listener name="default" socket-binding="http" redirect-socket="https"/> 
      <!-- HTTPS listener taking its key material from ApplicationRealm.
           No enabled-protocols or enabled-cipher-suites attribute is set here, so the protocol
           versions and ciphers offered are left to the defaults. To pin the protocol, add
           enabled-protocols (for example enabled-protocols="TLSv1.2") and verify from a client
           after restarting the server. -->
      <https-listener name="httpsServer" security-realm="ApplicationRealm" socket-binding="https"/> 
      <host name="default-host" alias="localhost"> 
       <location name="/" handler="welcome-content"/> 
       <!-- NOTE(review): these two filters are defined outside this snippet; by their names they
            add Server and X-Powered-By response headers, which disclose the server software.
            Confirm and consider removing the references. -->
       <filter-ref name="server-header"/> 
       <filter-ref name="x-powered-by-header"/> 
      </host> 
     </server> 
     <servlet-container name="default"> 
      <jsp-config/> 
      <websockets/> 
     </servlet-container> 

也許[這個鏈接](https://stackoverflow.com/questions/22563605/how-to-force-jboss-as-7-to-serve-https-using-tls-1-0)能幫到你!

回答

1

編輯https-listener標籤,加入enabled-protocols屬性,使服務器的HTTPS只啓用TLS v1.2,然後重新啓動WildFly服務器。

<!-- Same listener as in the question with one attribute added: enabled-protocols="TLSv1.2",
     which limits this HTTPS listener to TLS 1.2.
     NOTE(review): cipher suites are not restricted by this attribute (enabled-cipher-suites is a
     separate attribute), and the setting applies to this Undertow listener only; any other TLS
     endpoint on the server, such as a management interface with its own SSL identity, has to be
     restricted separately. If the JVM later supports a newer TLS version, this list will need
     updating to allow it. -->
<https-listener name="httpsServer" security-realm="ApplicationRealm" socket-binding="https" enabled-protocols="TLSv1.2"/> 

運行TestSSLServer(原文以鏈接形式提供)來確認設置已生效;輸出中應只列出TLSv1.2,不應再出現SSLv3、TLSv1.0或TLSv1.1。

TestSSLServer4.exe localhost 8443