Bug 956391 - Use own JSSE Provider for https Connector
Summary: Use own JSSE Provider for https Connector
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web
Version: 6.1.0
Hardware: All
OS: All
Priority: unspecified
Severity: medium
Target Milestone: ER7
Target Release: EAP 6.2.0
Assignee: Tomaz Cerar
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-04-24 21:15 UTC by Hauke Mehrtens
Modified: 2013-12-15 16:23 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-12-15 16:23:25 UTC
Type: Enhancement
Embargoed:


Attachments
patch to specify an extra jsse provider (4.54 KB, patch)
2013-04-24 21:15 UTC, Hauke Mehrtens


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker WFLY-1094 0 Major Resolved Use own JSSE Provider for http Connector 2015-12-14 16:27:51 UTC

Description Hauke Mehrtens 2013-04-24 21:15:30 UTC
Created attachment 739605
patch to specify an extra jsse provider

Some of our customers are using JBoss EAP and our application needs the TLS cipher suite TLS_RSA_PSK_WITH_AES_128_CBC_SHA, which we implemented in our own security provider. This special TLS cipher suite is only used for a special dedicated connection and the application server has to talk "normal" SSL on other ports at the same time.

In JBoss EAP 5 we added sslProtocol="RFC4279", where RFC4279 is the name of our provider, to one Connector entry in the file server/default/deploy/jbossweb.sar/server.xml. This option is not available in JBoss EAP 6 any more and we could not find a way to make one connector use our provider while the others are using the default one.

To fix this issue for us, we used the attached patch. We would like to get this patch into the next version of the JBoss EAP 6.X branch, so we do not have to modify the source code ourselves any more. This patch was tested with JBoss EAP 6.0.0. Currently we patched the source code of the corresponding community edition and replaced the jboss-web jar with our patched jar in the community and EAP version.

With this patch we are able to specify our JSSE provider like this:

<connector name="httpspsk" protocol="HTTP/1.1" scheme="https" socket-binding="httpspsk" secure="true">
  <ssl name="ssl" key-alias="intended purpose ssl test from bremen online services" password="123456" certificate-key-file="${jboss.server.config.dir}/governikus_ssl.jks" protocol="ALL" keystore-type="JKS" ssl_protocol="RFC4279"/>
</connector>

This is related to Red Hat Customer Portal support case 00721624 "Additional JSSE Provider on socket bindings and connectors".

Comment 1 JBoss JIRA Server 2013-04-29 09:21:05 UTC
Tomaz Cerar <tomaz.cerar> made a comment on jira WFLY-1094

Fixed in upstream

Comment 7 Radim Hatlapatka 2013-11-12 14:11:37 UTC
I have uploaded the custom JSSE provider and when I define the connector with ssl-protocol defined, I see from the logs that it tries to make the SSL handshake using the custom provider.

=> verified with EAP 6.2.0.ER7

