How to configure a list of TLS Ciphers for Keycloak

sskwerski · December 7, 2022, 5:03pm

I’ve been trying to find a way to limit the ciphers used by keycloak to pass a PCI scan.

If i alter the standalone.xml file with the line of code - the site does not load.

<https-listener name=“https” socket-binding=“https” ssl-context=“applicationSSC” enable-http2=“true” enabled-protocols=“TLSv1.2” enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256/>

Any ideas or guidance?

Topic		Replies	Views
Can't configure client certificate authentication (x509 MTLS) Configuring the server authentication	0	522	March 29, 2023
Trouble setting up HTTPS Configuring the server	0	390	January 16, 2021
Too many redirects after login to Keycloak with Nginx as reverse proxy Securing applications authentication	10	14142	December 5, 2021
Enabling SSL to secure the HTTP traffic of the Keycloak Server with existing certificate (avoid self-signed certificate) Getting advice	15	7979	May 17, 2021
Keycloak Mutual SSL behind Nginx: Keycloak can't find Truststore Configuring the server	0	411	March 20, 2022

How to configure a list of TLS Ciphers for Keycloak

Related Topics