You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
seo-title: "MCP server updates and Transport Security in 26.0.0.5-beta- OpenLiberty.io"
8
+
seo-title: "Updates to MCP Server and TLS/SSL Cipher Support in 26.0.0.5 Beta- OpenLiberty.io"
9
9
seo-description: This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using JDK defaults and flexible `enabledCiphers` syntax.
10
10
blog_description: This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using JDK defaults and flexible `enabledCiphers` syntax.
= MCP server updates and Transport Security in 26.0.0.5-beta
14
+
= Updates to MCP Server and TLS/SSL Cipher Support in 26.0.0.5 Beta
15
15
Navaneeth S Nair <https://github.com/navaneethsnair1>
16
16
:imagesdir: /
17
17
:url-prefix:
@@ -30,7 +30,7 @@ This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher
30
30
The link:{url-about}[Open Liberty] 26.0.0.5-beta includes the following beta features (along with link:{url-prefix}/docs/latest/reference/feature/feature-overview.html[all GA features]):
31
31
32
32
* <<mcp, Updates to `mcpServer-1.0`>>
33
-
* <<transportSecurity, Transport Security>>
33
+
* <<ssl, Update to TLS/SSL Cipher support>>
34
34
35
35
// // // // // // // //
36
36
// In the preceding section:
@@ -150,8 +150,8 @@ This has been fixed to ensure proper isolation of encoder beans per application,
150
150
// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/34374
151
151
// Contact/Reviewer: rangaran
152
152
// // // // // // // //
153
-
[#transportSecurity]
154
-
== Transport Security
153
+
[#ssl]
154
+
== Update to TLS/SSL Cipher support
155
155
156
156
Liberty uses the default cipher list from the JDK. The `securityLevel` attribute in the SSL configuration is not used anymore. In addition, the `enabledCiphers` attribute in the SSL config is updated to customize the SSL ciphers in a more flexible way.
157
157
@@ -161,17 +161,28 @@ Liberty's `securityLevel` based cipher categories no longer provide meaningful v
161
161
162
162
The `enabledCiphers` attribute includes a new syntax option to add '+' or remove '–' specific ciphers from the effective JDK cipher list without redefining everything. A static list and +/- syntax in the same `enabledCiphers` entry is not allowed. If the value set in `enabledCiphers` contains a static entry and a +/- entry, an error is logged, and the server ignores the `enabledCiphers` value by returning the effective JDK cipher list.
163
163
164
-
*Example Usage*
164
+
*Existing Usage - A user sets `securityLevel` as `HIGH`*
165
165
166
166
[source,xml]
167
167
----
168
-
<ssl id="defaultSSL" securityLevel="HIGH"/>
169
-
<ssl id="defaultSSL" securityLevel="CUSTOM" enabledCiphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384..../"> <!-- basically everything except TLS_RSA ciphers from the effective jdk list -->
*Example with new syntax - `securityLevel` is not required and is ignored if provided*
174
172
173
+
[source,xml]
174
+
----
175
+
<ssl id="defaultSSL"/>
176
+
----
177
+
178
+
*Existing Usage - A user specifies all ciphers from the effective jdk list excluding all TLS_RSA ciphers except for one (TLS_RSA_WITH_AES_128_GCM_SHA256)*
0 commit comments