Question
How do I force JBoss AS 7 to serve HTTPS content over TLS 1.0?
I am providing a Java application that uses Spring Security 3 to clients. It is hosted on JBoss AS 7. It can only be reached over a VPN, so I'm not too concerned with encryption at the application or transport layer. (Perhaps I should be?) When my users try to connect, browsers refuse the connection unless the user explicitly enables TLS 1.1 and TLS 1.2. Since my users aren't interested in these nuances, I would like to force JBoss to revert back to TLS 1.0.
How do I force JBoss AS 7 to serve HTTPS content over TLS 1.0?
My web domain setup is as follows:
https://stackoverflow.com/questions/22563605
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
<ssl password="myPassword" certificate-key-file="myKeyFile.jks" protocol="TLSv1" verify-client="false" certificate-file="myCertFile"/>
</connector>
My socket binding group is set up as follows:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="http" port="8080"/>
<socket-binding name="https" port="8443"/>
....
</socket-binding-group>
Thanks in advance.
La solution
See https://docs.jboss.org/jbossweb/7.0.x/config/ssl.html
You can force TLS by making use of the protocol attribute.
The version of the SSL protocol to use. If not specified, Supported values: SSLv2, SSLv3, TLSv1, SSLv2+SSLv3 and ALL. the default is "ALL".
