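How to enable TLS v1.2 in WildFly 10 standalone mode?

Problem description:

We need help making sure our WildFly 10 server (installed on Ubuntu 16.04.1 LTS) supports only TLS v1.2 and later. How do we enable TLS v1.2 in WildFly 10 standalone mode?

How can we check the current SSL certificate version?

We made our edits in the standalone.xml file: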

<security-realms> 
     <security-realm name="ManagementRealm"> 
      <authentication> 
       <local default-user="$local" skip-group-loading="true"/> 
       <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> 
      </authentication> 
      <authorization map-groups-to-roles="false"> 
       <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> 
      </authorization> 
     </security-realm> 
     <security-realm name="ApplicationRealm"> 
      <server-identities> 
       <ssl> 
        <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="serverpassword" alias="server" key-password="serverpassword"/> 
       </ssl> 
      </server-identities> 
      <authentication> 
       <local default-user="$local" allowed-users="*" skip-group-loading="true"/> 
       <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> 
      </authentication> 
      <authorization> 
       <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> 
      </authorization> 
     </security-realm> 
    </security-realms> 
    <subsystem xmlns="urn:jboss:domain:security:1.2"> 
     <security-domains> 
      <security-domain name="other" cache-type="default"> 
       <authentication> 
        <login-module code="Remoting" flag="optional"> 
         <module-option name="password-stacking" value="useFirstPass"/> 
        </login-module> 
        <login-module code="RealmDirect" flag="required"> 
         <module-option name="password-stacking" value="useFirstPass"/> 
        </login-module> 
       </authentication> 
      </security-domain> 
      <security-domain name="jboss-web-policy" cache-type="default"> 
       <authorization> 
        <policy-module code="Delegating" flag="required"/> 
       </authorization> 
      </security-domain> 
      <security-domain name="jboss-ejb-policy" cache-type="default"> 
       <authorization> 
        <policy-module code="Delegating" flag="required"/> 
       </authorization> 
      </security-domain> 
      <security-domain name="jaspitest" cache-type="default"> 
       <authentication-jaspi> 
        <login-module-stack name="dummy"> 
         <login-module code="Dummy" flag="optional"/> 
        </login-module-stack> 
        <auth-module code="Dummy"/> 
       </authentication-jaspi> 
      </security-domain> 
     </security-domains> 
    </subsystem> 
    <subsystem xmlns="urn:jboss:domain:undertow:3.0"> 
     <buffer-cache name="default"/> 
     <server name="default-server"> 
      <http-listener name="default" socket-binding="http" redirect-socket="https"/> 
      <https-listener name="httpsServer" security-realm="ApplicationRealm" socket-binding="https"/> 
      <host name="default-host" alias="localhost"> 
       <location name="/" handler="welcome-content"/> 
       <filter-ref name="server-header"/> 
       <filter-ref name="x-powered-by-header"/> 
      </host> 
     </server> 
     <servlet-container name="default"> 
      <jsp-config/> 
      <websockets/> 
     </servlet-container> 

Maybe [this link](https://*.com/questions/22563605/how-to-force-jboss-as-7-to-serve-https-using-tls-1-0) will help you!

Edit the https-listener tag to enable it for HTTPS on our server, then restart the WildFly server.

<https-listener name="httpsServer" security-realm="ApplicationRealm" socket-binding="https" enabled-protocols="TLSv1.2"/> 

Verify this by running TestSSLServer from the link.

TestSSLServer4.exe localhost 8443
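
A configuration-side check to complement the TestSSLServer run, as an added example that is not part of the original question or answer: it parses a standalone.xml fragment and reports, for each Undertow `https-listener`, whether `enabled-protocols` is missing or allows anything below TLSv1.2. The function name `audit_https_listeners`, the constructed sample (including the `legacy` and `unset` listeners), and the handling of `enabled-protocols` as a comma-separated list are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# JSSE protocol names that meet the "TLS v1.2 and later" requirement.
ALLOWED = {"TLSv1.2", "TLSv1.3"}
# Matches https-listener in any version of the Undertow subsystem schema.
LISTENER_TAG = re.compile(r"\{urn:jboss:domain:undertow:[^}]+\}https-listener")

# Constructed sample modelled on the listener lines shown above.
SAMPLE = """
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
  <server name="default-server">
    <http-listener name="default" socket-binding="http" redirect-socket="https"/>
    <https-listener name="httpsServer" security-realm="ApplicationRealm"
                    socket-binding="https" enabled-protocols="TLSv1.2"/>
    <https-listener name="legacy" security-realm="ApplicationRealm"
                    socket-binding="https-alt" enabled-protocols="TLSv1, TLSv1.2"/>
    <https-listener name="unset" security-realm="ApplicationRealm"
                    socket-binding="https-other"/>
  </server>
</subsystem>
"""

def audit_https_listeners(xml_text):
    """Return (listener name, status, protocols) for each https-listener."""
    results = []
    for elem in ET.fromstring(xml_text).iter():
        if not LISTENER_TAG.fullmatch(elem.tag):
            continue
        name = elem.get("name", "<unnamed>")
        raw = elem.get("enabled-protocols")
        if raw is None or not raw.strip():
            # No explicit list: the protocol set is whatever the defaults allow.
            results.append((name, "UNSET", []))
            continue
        protocols = [p for p in re.split(r"[,\s]+", raw.strip()) if p]
        weak = [p for p in protocols if p not in ALLOWED]
        # For WEAK listeners report only the offending protocols.
        results.append((name, "WEAK" if weak else "OK", weak or protocols))
    return results

if __name__ == "__main__":
    for name, status, protocols in audit_https_listeners(SAMPLE):
        print(f"{name}: {status} {', '.join(protocols)}")
```

To audit a real server, pass the contents of its standalone.xml to `audit_https_listeners` instead of the sample; the tag match works at any nesting depth.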