WildFly 34 Model Reference

An SSLContext for use on the server side of a connection.

Provided capabilities(1)

Name	Dynamic	Other provider points
org.wildfly.security.ssl-context	true	/subsystem=elytron/server-ssl-sni-context=* /subsystem=elytron/dynamic-client-ssl-context=* /subsystem=elytron/client-ssl-context=*

Attributes (20)

active-session-count The count of current active sessions.

Attribute	Value
Type	INT
Nillable	false
Expressions Allowed	false
Storage	runtime
Access Type	read-only
Stability	default

authentication-optional Rejecting of the client certificate by the security domain will not prevent the connection. Allows a fall through to use other authentication mechanisms (like form login) when the client certificate is rejected by security domain. Has an effect only when the security domain is set.

Attribute	Value
Default Value	false
Type	BOOLEAN
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

cipher-suite-filter The filter to apply to specify the enabled cipher suites for TLSv1.2 and below.

Attribute	Value
Default Value	DEFAULT
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

cipher-suite-names The filter to apply to specify the enabled cipher suites for TLSv1.3.

Attribute	Value
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

final-principal-transformer A final principal transformer to apply for this mechanism realm.

Attribute	Value
Capability reference	/subsystem=elytron/constant-principal-decoder=* /subsystem=elytron/x500-attribute-principal-decoder=* /subsystem=elytron/chained-principal-transformer=* /subsystem=elytron/custom-principal-transformer=* /subsystem=elytron/aggregate-principal-transformer=* /subsystem=elytron/regex-principal-transformer=* /subsystem=elytron/constant-principal-transformer=* /subsystem=elytron/case-principal-transformer=* /subsystem=elytron/concatenating-principal-decoder=* /subsystem=elytron/regex-validating-principal-transformer=*
Type	STRING
Nillable	true
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	resource-services
Stability	default

key-manager Reference to the key manager to use within the SSLContext.

Attribute	Value
Capability reference	/subsystem=elytron/key-manager=*
Type	STRING
Nillable	false
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

maximum-session-cache-size The maximum number of SSL sessions in the cache. The default value -1 means use the JVM default value. Value zero means there is no limit.

Attribute	Value
Default Value	-1
Type	INT
Nillable	true
Expressions Allowed	true
Min	-1
Max	2,147,483,647
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

need-client-auth To require a client certificate on SSL handshake. Connection without trusted client certificate (see trust-manager) will be rejected.

Attribute	Value
Default Value	false
Type	BOOLEAN
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

post-realm-principal-transformer A principal transformer to apply after the realm is selected.

Attribute	Value
Capability reference	/subsystem=elytron/constant-principal-decoder=* /subsystem=elytron/x500-attribute-principal-decoder=* /subsystem=elytron/chained-principal-transformer=* /subsystem=elytron/custom-principal-transformer=* /subsystem=elytron/aggregate-principal-transformer=* /subsystem=elytron/regex-principal-transformer=* /subsystem=elytron/constant-principal-transformer=* /subsystem=elytron/case-principal-transformer=* /subsystem=elytron/concatenating-principal-decoder=* /subsystem=elytron/regex-validating-principal-transformer=*
Type	STRING
Nillable	true
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	resource-services
Stability	default

pre-realm-principal-transformer A principal transformer to apply before the realm is selected.

Attribute	Value
Capability reference	/subsystem=elytron/constant-principal-decoder=* /subsystem=elytron/x500-attribute-principal-decoder=* /subsystem=elytron/chained-principal-transformer=* /subsystem=elytron/custom-principal-transformer=* /subsystem=elytron/aggregate-principal-transformer=* /subsystem=elytron/regex-principal-transformer=* /subsystem=elytron/constant-principal-transformer=* /subsystem=elytron/case-principal-transformer=* /subsystem=elytron/concatenating-principal-decoder=* /subsystem=elytron/regex-validating-principal-transformer=*
Type	STRING
Nillable	true
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	resource-services
Stability	default

protocols The enabled protocols.

Attribute	Value
Type	LIST
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services
Allowed Values	SSLv2 SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
Stability	default

provider-name The name of the provider to use. If not specified, all providers from providers will be passed to the SSLContext.

Attribute	Value
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

providers The name of the providers to obtain the Provider[] to use to load the SSLContext.

Attribute	Value
Capability reference	/subsystem=elytron/provider-loader=* /subsystem=elytron/aggregate-providers=*
Type	STRING
Nillable	true
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

realm-mapper The realm mapper to be used for SSL authentication.

Attribute	Value
Capability reference	/subsystem=elytron/constant-realm-mapper=* /subsystem=elytron/mapped-regex-realm-mapper=* /subsystem=elytron/simple-regex-realm-mapper=* /subsystem=elytron/custom-realm-mapper=*
Type	STRING
Nillable	true
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	resource-services
Stability	default

security-domain The security domain to use for authentication during SSL session establishment.

Attribute	Value
Capability reference	/subsystem=elytron/security-domain=*
Type	STRING
Nillable	true
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

session-timeout The timeout for SSL sessions, in seconds. The default value -1 means use the JVM default value. Value zero means there is no limit.

Attribute	Value
Default Value	-1
Type	INT
Nillable	true
Expressions Allowed	true
Min	-1
Max	2,147,483,647
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

trust-manager Reference to the trust manager to use within the SSLContext.

Attribute	Value
Capability reference	/subsystem=elytron/trust-manager=*
Type	STRING
Nillable	true
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

use-cipher-suites-order To honor local cipher suites preference.

Attribute	Value
Default Value	true
Type	BOOLEAN
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

want-client-auth To request (but not to require) a client certificate on SSL handshake. If a security domain is referenced and supports X509 evidence, this will be set to true automatically. Ignored when need-client-auth is set.

Attribute	Value
Default Value	false
Type	BOOLEAN
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

wrap Should the SSLEngine, SSLSocket, and SSLServerSocket instances returned be wrapped to protect against further modification.

Attribute	Value
Default Value	false
Type	BOOLEAN
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services
Stability	default

Operations (2)

add Add the SSL context definition.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
authentication-optional	BOOLEAN	false	true	false	Rejecting of the client certificate by the security domain will not prevent the connection. Allows a fall through to use other authentication mechanisms (like form login) when the client certificate is rejected by security domain. Has an effect only when the security domain is set.
cipher-suite-filter	STRING	false	true	DEFAULT	The filter to apply to specify the enabled cipher suites for TLSv1.2 and below.
cipher-suite-names	STRING	false	true		The filter to apply to specify the enabled cipher suites for TLSv1.3.
final-principal-transformer	STRING	false	false		A final principal transformer to apply for this mechanism realm.
key-manager	STRING	true	false		Reference to the key manager to use within the SSLContext.
maximum-session-cache-size	INT	false	true	-1	The maximum number of SSL sessions in the cache. The default value -1 means use the JVM default value. Value zero means there is no limit.
need-client-auth	BOOLEAN	false	true	false	To require a client certificate on SSL handshake. Connection without trusted client certificate (see trust-manager) will be rejected.
post-realm-principal-transformer	STRING	false	false		A principal transformer to apply after the realm is selected.
pre-realm-principal-transformer	STRING	false	false		A principal transformer to apply before the realm is selected.
protocols	LIST	false	true		The enabled protocols.
provider-name	STRING	false	true		The name of the provider to use. If not specified, all providers from providers will be passed to the SSLContext.
providers	STRING	false	false		The name of the providers to obtain the Provider[] to use to load the SSLContext.
realm-mapper	STRING	false	false		The realm mapper to be used for SSL authentication.
security-domain	STRING	false	false		The security domain to use for authentication during SSL session establishment.
session-timeout	INT	false	true	-1	The timeout for SSL sessions, in seconds. The default value -1 means use the JVM default value. Value zero means there is no limit.
trust-manager	STRING	false	false		Reference to the trust manager to use within the SSLContext.
use-cipher-suites-order	BOOLEAN	false	true	true	To honor local cipher suites preference.
want-client-auth	BOOLEAN	false	true	false	To request (but not to require) a client certificate on SSL handshake. If a security domain is referenced and supports X509 evidence, this will be set to true automatically. Ignored when need-client-auth is set.
wrap	BOOLEAN	false	true	false	Should the SSLEngine, SSLSocket, and SSLServerSocket instances returned be wrapped to protect against further modification.

remove Remove the SSL context definition.