From 60f619d438a3222d90fbc22d9781ad20e1fd40fa Mon Sep 17 00:00:00 2001 From: navaneethsnair1 Date: Wed, 6 May 2026 23:49:23 +0530 Subject: [PATCH 1/4] updates to 26.0.0.5-beta blog --- posts/2026-05-05-26.0.0.5-beta.adoc | 33 +++++++++++++++++++---------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/posts/2026-05-05-26.0.0.5-beta.adoc b/posts/2026-05-05-26.0.0.5-beta.adoc index 5b80e93b7..e67487f27 100644 --- a/posts/2026-05-05-26.0.0.5-beta.adoc +++ b/posts/2026-05-05-26.0.0.5-beta.adoc @@ -1,17 +1,17 @@ --- layout: post -title: "MCP server updates and Transport Security in 26.0.0.5-beta" +title: "Updates to MCP Server and TLS/SSL Cipher Support in 26.0.0.5 Beta" # Do NOT change the categories section categories: blog author_picture: https://avatars3.githubusercontent.com/navaneethsnair1 author_github: https://github.com/navaneethsnair1 -seo-title: "MCP server updates and Transport Security in 26.0.0.5-beta- OpenLiberty.io" +seo-title: "Updates to MCP Server and TLS/SSL Cipher Support in 26.0.0.5 Beta- OpenLiberty.io" seo-description: This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using JDK defaults and flexible `enabledCiphers` syntax. blog_description: This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using JDK defaults and flexible `enabledCiphers` syntax. open-graph-image: https://openliberty.io/img/twitter_card.jpg open-graph-image-alt: Open Liberty Logo --- -= MCP server updates and Transport Security in 26.0.0.5-beta += Updates to MCP Server and TLS/SSL Cipher Support in 26.0.0.5 Beta Navaneeth S Nair :imagesdir: / :url-prefix: @@ -30,7 +30,7 @@ This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher The link:{url-about}[Open Liberty] 26.0.0.5-beta includes the following beta features (along with link:{url-prefix}/docs/latest/reference/feature/feature-overview.html[all GA features]): * <> -* <> +* <> // // // // // // // // // In the preceding section: @@ -150,8 +150,8 @@ This has been fixed to ensure proper isolation of encoder beans per application, // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/34374 // Contact/Reviewer: rangaran // // // // // // // // -[#transportSecurity] -== Transport Security +[#ssl] +== Update to TLS/SSL Cipher support Liberty uses the default cipher list from the JDK. The `securityLevel` attribute in the SSL configuration is not used anymore. In addition, the `enabledCiphers` attribute in the SSL config is updated to customize the SSL ciphers in a more flexible way. @@ -161,17 +161,28 @@ Liberty's `securityLevel` based cipher categories no longer provide meaningful v The `enabledCiphers` attribute includes a new syntax option to add '+' or remove '–' specific ciphers from the effective JDK cipher list without redefining everything. A static list and +/- syntax in the same `enabledCiphers` entry is not allowed. If the value set in `enabledCiphers` contains a static entry and a +/- entry, an error is logged, and the server ignores the `enabledCiphers` value by returning the effective JDK cipher list. -*Example Usage* +*Existing Usage - A user sets `securityLevel` as `HIGH`* [source,xml] ---- - - - + ---- -*Example with new syntax* +*Example with new syntax - `securityLevel` is not required and is ignored if provided* +[source,xml] +---- + +---- + +*Existing Usage - A user specifies all ciphers from the effective jdk list excluding all TLS_RSA ciphers except for one (TLS_RSA_WITH_AES_128_GCM_SHA256)* + +[source,xml] +---- + +---- + +*Example with new syntax - Use wildcards to achieve the same logic* [source,xml] ---- From d57786fa5ae2223d8766e3dedf9e3e5831c447b5 Mon Sep 17 00:00:00 2001 From: IsmathBadsha Date: Thu, 7 May 2026 13:45:43 +0530 Subject: [PATCH 2/4] Review comment changes --- posts/2026-05-05-26.0.0.5-beta.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/posts/2026-05-05-26.0.0.5-beta.adoc b/posts/2026-05-05-26.0.0.5-beta.adoc index e67487f27..5912964ff 100644 --- a/posts/2026-05-05-26.0.0.5-beta.adoc +++ b/posts/2026-05-05-26.0.0.5-beta.adoc @@ -6,8 +6,8 @@ categories: blog author_picture: https://avatars3.githubusercontent.com/navaneethsnair1 author_github: https://github.com/navaneethsnair1 seo-title: "Updates to MCP Server and TLS/SSL Cipher Support in 26.0.0.5 Beta- OpenLiberty.io" -seo-description: This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using JDK defaults and flexible `enabledCiphers` syntax. -blog_description: This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using JDK defaults and flexible `enabledCiphers` syntax. +seo-description: This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using the effective JDK cipher list by default and flexible `enabledCiphers` syntax. +blog_description: This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using the effective JDK cipher list by default and flexible `enabledCiphers` syntax. open-graph-image: https://openliberty.io/img/twitter_card.jpg open-graph-image-alt: Open Liberty Logo --- @@ -18,7 +18,7 @@ Navaneeth S Nair :url-about: / //Blank line here is necessary before starting the body of the post. -This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using JDK defaults and flexible `enabledCiphers` syntax. +This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by the effective JDK cipher list by default and flexible `enabledCiphers` syntax. // // // // // // // // // Change the RELEASE_SUMMARY to an introductory paragraph. This sentence is really @@ -153,7 +153,7 @@ This has been fixed to ensure proper isolation of encoder beans per application, [#ssl] == Update to TLS/SSL Cipher support -Liberty uses the default cipher list from the JDK. The `securityLevel` attribute in the SSL configuration is not used anymore. In addition, the `enabledCiphers` attribute in the SSL config is updated to customize the SSL ciphers in a more flexible way. +Liberty uses the effective JDK cipher list from the JDK. The `securityLevel` attribute in the SSL configuration is not used anymore. In addition, the `enabledCiphers` attribute in the SSL config is updated to customize the SSL ciphers in a more flexible way. This change modifies the existing attribute `enabledCiphers` in the `ssl` config. From 8788cb8db74d7e00c233a669ad6f50e1561f0020 Mon Sep 17 00:00:00 2001 From: IsmathBadsha Date: Thu, 7 May 2026 19:49:15 +0530 Subject: [PATCH 3/4] review_comments --- posts/2026-05-05-26.0.0.5-beta.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/posts/2026-05-05-26.0.0.5-beta.adoc b/posts/2026-05-05-26.0.0.5-beta.adoc index 5912964ff..0fc9f68aa 100644 --- a/posts/2026-05-05-26.0.0.5-beta.adoc +++ b/posts/2026-05-05-26.0.0.5-beta.adoc @@ -18,7 +18,7 @@ Navaneeth S Nair :url-about: / //Blank line here is necessary before starting the body of the post. -This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by the effective JDK cipher list by default and flexible `enabledCiphers` syntax. +This beta release updates the `mcpServer-1.0` feature and simplifies SSL cipher configuration by using the effective JDK cipher list by default and flexible `enabledCiphers` syntax. // // // // // // // // // Change the RELEASE_SUMMARY to an introductory paragraph. This sentence is really @@ -159,7 +159,7 @@ This change modifies the existing attribute `enabledCiphers` in the `ssl` config Liberty's `securityLevel` based cipher categories no longer provide meaningful value. The `MEDIUM` and `LOW` categories contain no remaining ciphers. -The `enabledCiphers` attribute includes a new syntax option to add '+' or remove '–' specific ciphers from the effective JDK cipher list without redefining everything. A static list and +/- syntax in the same `enabledCiphers` entry is not allowed. If the value set in `enabledCiphers` contains a static entry and a +/- entry, an error is logged, and the server ignores the `enabledCiphers` value by returning the effective JDK cipher list. +The `enabledCiphers` attribute now has two mutually exclusive modes: (1) Specify a custom list of ciphers separated by spaces, or (2) Specify filter criteria to add (+) or remove (-) cipher suites from the effective JDK cipher suites. If the value set in `enabledCiphers` contains a static entry and a +/- entry, an error is logged, and the server ignores the `enabledCiphers` value by returning the effective JDK cipher list. *Existing Usage - A user sets `securityLevel` as `HIGH`* From c1746b39db28233e9882ee3c6d5758f850c06175 Mon Sep 17 00:00:00 2001 From: IsmathBadsha Date: Thu, 7 May 2026 22:56:24 +0530 Subject: [PATCH 4/4] review_comment --- posts/2026-05-05-26.0.0.5-beta.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2026-05-05-26.0.0.5-beta.adoc b/posts/2026-05-05-26.0.0.5-beta.adoc index 0fc9f68aa..3bcf802c4 100644 --- a/posts/2026-05-05-26.0.0.5-beta.adoc +++ b/posts/2026-05-05-26.0.0.5-beta.adoc @@ -159,7 +159,7 @@ This change modifies the existing attribute `enabledCiphers` in the `ssl` config Liberty's `securityLevel` based cipher categories no longer provide meaningful value. The `MEDIUM` and `LOW` categories contain no remaining ciphers. -The `enabledCiphers` attribute now has two mutually exclusive modes: (1) Specify a custom list of ciphers separated by spaces, or (2) Specify filter criteria to add (+) or remove (-) cipher suites from the effective JDK cipher suites. If the value set in `enabledCiphers` contains a static entry and a +/- entry, an error is logged, and the server ignores the `enabledCiphers` value by returning the effective JDK cipher list. +The `enabledCiphers` attribute now has two mutually exclusive modes: (1) Specify a custom list of ciphers separated by spaces, or (2) Specify filter criteria to add (+) or remove (-) cipher suites from the effective JDK cipher list. If the value set in `enabledCiphers` contains a static entry and a +/- entry, an error is logged, and the server ignores the `enabledCiphers` value by returning the effective JDK cipher list. *Existing Usage - A user sets `securityLevel` as `HIGH`*