I’ve been trying to find a way to limit the ciphers used by keycloak to pass a PCI scan.
If i alter the standalone.xml file with the line of code - the site does not load.
<https-listener name=“https” socket-binding=“https” ssl-context=“applicationSSC” enable-http2=“true” enabled-protocols=“TLSv1.2” enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256/>
Any ideas or guidance?