Hello,

I did what I could to get rid of some unwanted cipher suites and I failed,
and I don't know why. I tried Jetty versions from 6 to 8 and all of them
refuse to work:

I've prepared my own keystore, which works well. This is the result from sslscan:


[root@localhost sslscan-1.8.2]# sslscan 172.18.131.29:8446 | grep Accepted
    Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  SSLv3  128 bits  RC4-SHA
    Accepted  SSLv3  128 bits  RC4-MD5
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
You have new mail in /var/spool/mail/root

So I changed etc/jetty.xml:

    <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
      <Set name="KeyStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="KeyStorePassword">jettypasswd</Set>
      <Set name="KeyManagerPassword">jettypasswd</Set>
      <Set name="TrustStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="TrustStorePassword">jettypasswd</Set>
      <Set name="ExcludeCipherSuites">
        <Array type="java.lang.String">
          <Item>EDH-RSA-DES-CBC3-SHA</Item>
          <Item>DES-CBC3-SHA</Item>
          <Item>DHE-RSA-AES128-SHA</Item>
        </Array>
      </Set>
    </New>

and this has no effect. I restarted the server, of course; the list of accepted
suites hasn't changed.

Could you help me?


Zbyszek
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
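
Added example, not part of the original post and not Jetty's own code: sslscan prints OpenSSL suite names (DES-CBC3-SHA), while the JVM that Jetty 7/8 compares ExcludeCipherSuites entries against uses JSSE names (SSL_RSA_WITH_3DES_EDE_CBC_SHA), so an OpenSSL name in the exclude list matches nothing. The sketch converts Accepted lines into Item entries; the mapping table assumes the Sun/Oracle JSSE names of Java 6/7 and covers only the six suites in the scan above, and the function names are hypothetical.

```python
import re

# OpenSSL name (as printed by sslscan) -> JSSE name (as reported by the JVM).
# Assumption: Sun/Oracle JSSE provider naming of the Java 6/7 era.
OPENSSL_TO_JSSE = {
    "DHE-RSA-AES128-SHA":   "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "AES128-SHA":           "TLS_RSA_WITH_AES_128_CBC_SHA",
    "EDH-RSA-DES-CBC3-SHA": "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "DES-CBC3-SHA":         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "RC4-SHA":              "SSL_RSA_WITH_RC4_128_SHA",
    "RC4-MD5":              "SSL_RSA_WITH_RC4_128_MD5",
}

ACCEPTED = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+)\s+bits\s+(\S+)\s*$")

def accepted_suites(scan_text):
    """Distinct OpenSSL suite names on 'Accepted' lines, in scan order."""
    seen = []
    for line in scan_text.splitlines():
        m = ACCEPTED.match(line)
        if m and m.group(3) not in seen:
            seen.append(m.group(3))
    return seen

def exclude_items(scan_text, unwanted):
    """Return (<Item> lines, unmapped names) for accepted, unwanted suites."""
    items, unmapped = [], []
    for name in accepted_suites(scan_text):
        if name not in unwanted:
            continue
        jsse = OPENSSL_TO_JSSE.get(name)
        if jsse is None:
            unmapped.append(name)  # would silently match nothing in Jetty
        else:
            items.append("<Item>%s</Item>" % jsse)
    return items, unmapped

# Sample lines copied from the sslscan output in the post (shortened).
SAMPLE = """\
    Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
    Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
"""
UNWANTED = {"EDH-RSA-DES-CBC3-SHA", "DES-CBC3-SHA", "DHE-RSA-AES128-SHA"}

if __name__ == "__main__":
    items, unmapped = exclude_items(SAMPLE, UNWANTED)
    print("\n".join(items))
    print("unmapped:", unmapped)
```

After a restart, rerunning sslscan against the port confirms whether the excluded suites are gone from the Accepted list.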
