From 60f619d438a3222d90fbc22d9781ad20e1fd40fa Mon Sep 17 00:00:00 2001 From: navaneethsnair1 Date: Wed, 6 May 2026 23:49:23 +0530 Subject: [PATCH] updates to 26.0.0.5-beta blog --- posts/2026-05-05-26.0.0.5-beta.adoc | 33 +++++++++++++++++++---------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/posts/2026-05-05-26.0.0.5-beta.adoc b/posts/2026-05-05-26.0.0.5-beta.adoc index 5b80e93b7..e67487f27 100644 --- a/posts/2026-05-05-26.0.0.5-beta.adoc +++ b/posts/2026-05-05-26.0.0.5-beta.adoc @@ -1,17 +1,17 @@ --- layout: post -title: "MCP server updates and Transport Security in 26.0.0.5-beta" +title: "Updates to MCP Server and TLS/SSL Cipher Support in 26.0.0.5 Beta" # Do NOT change the categories section categories: blog author_picture: https://avatars3.githubusercontent.com/navaneethsnair1 author_github: https://github.com/navaneethsnair1 -seo-title: "MCP server updates and Transport Security in 26.0.0.5-beta- OpenLiberty.io" +seo-title: "Updates to MCP Server and TLS/SSL Cipher Support in 26.0.0.5 Beta- OpenLiberty.io" seo-description: This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using JDK defaults and flexible `enabledCiphers` syntax. blog_description: This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using JDK defaults and flexible `enabledCiphers` syntax. open-graph-image: https://openliberty.io/img/twitter_card.jpg open-graph-image-alt: Open Liberty Logo --- -= MCP server updates and Transport Security in 26.0.0.5-beta += Updates to MCP Server and TLS/SSL Cipher Support in 26.0.0.5 Beta Navaneeth S Nair :imagesdir: / :url-prefix: @@ -30,7 +30,7 @@ This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher The link:{url-about}[Open Liberty] 26.0.0.5-beta includes the following beta features (along with link:{url-prefix}/docs/latest/reference/feature/feature-overview.html[all GA features]): * <> -* <> +* <> // // // // // // // // // In the preceding section: @@ -150,8 +150,8 @@ This has been fixed to ensure proper isolation of encoder beans per application, // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/34374 // Contact/Reviewer: rangaran // // // // // // // // -[#transportSecurity] -== Transport Security +[#ssl] +== Update to TLS/SSL Cipher support Liberty uses the default cipher list from the JDK. The `securityLevel` attribute in the SSL configuration is not used anymore. In addition, the `enabledCiphers` attribute in the SSL config is updated to customize the SSL ciphers in a more flexible way. @@ -161,17 +161,28 @@ Liberty's `securityLevel` based cipher categories no longer provide meaningful v The `enabledCiphers` attribute includes a new syntax option to add '+' or remove '–' specific ciphers from the effective JDK cipher list without redefining everything. A static list and +/- syntax in the same `enabledCiphers` entry is not allowed. If the value set in `enabledCiphers` contains a static entry and a +/- entry, an error is logged, and the server ignores the `enabledCiphers` value by returning the effective JDK cipher list. -*Example Usage* +*Existing Usage - A user sets `securityLevel` as `HIGH`* [source,xml] ---- - - - + ---- -*Example with new syntax* +*Example with new syntax - `securityLevel` is not required and is ignored if provided* +[source,xml] +---- + +---- + +*Existing Usage - A user specifies all ciphers from the effective jdk list excluding all TLS_RSA ciphers except for one (TLS_RSA_WITH_AES_128_GCM_SHA256)* + +[source,xml] +---- + +---- + +*Example with new syntax - Use wildcards to achieve the same logic* [source,xml] ----