Re: [jetty-users] How to set order of cipher suites for Jetty SSL?

Thu, 13 Mar 2014 04:17:10 -0700 

> I saw a post about how to set order of cipher suites for Jetty on Stack
> Overflow
> (http://stackoverflow.com/questions/18981277/how-to-set-order-of-cipher-suites-for-jetty-ssl).
> But, no one answer the question yet.   Does anyone know the answer?

For jetty 8:

<Array id="cipherSuites" type="java.lang.String">
<Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
<Item>SSL_RSA_WITH_RC4_128_SHA</Item>
<Item>SSL_RSA_WITH_RC4_128_MD5</Item>
<Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
</Array>
<Call name="addConnector">

<!-- HTTPS connector -->
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Arg>
<New id="sslContextFactory"
class="org.eclipse.jetty.http.ssl.SslContextFactory">
<Set name="KeyStore">
<Property name="jetty.keystore.path"/>
</Set>
<Set name="KeyStoreType">
<Property name="jetty.keystore.type"/>
</Set>
<Set name="KeyStorePassword">
<Property name="jetty.keystore.pass"/>
</Set>
<Set name="TrustStore">
<Property name="jetty.truststore.path"/>
</Set>
<Set name="TrustStoreType">
<Property name="jetty.truststore.type"/>
</Set>
<Set name="TrustStorePassword">
<Property name="jetty.truststore.pass"/>
</Set>
<Set name="IncludeCipherSuites">
<Ref id="cipherSuites"/>
</Set>
</New>
</Arg>
<Set name="Host">
<Property name="jetty.host"/>
</Set>
<Set name="Port">
<Property name="jetty.port.ssl"/>
</Set>
<Set name="MaxIdleTime">30000</Set>
<Set name="Acceptors">2</Set>
<Set name="AcceptQueueSize">100</Set>
</New>
</Arg>
</Call>

We use a reference because we have more than one https connector, but
if you only have one you could just list them under
IncludeCipherSuites.

Marvin
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users

Reply via email to