> I resorted to calling setIncludeCipherSuites with an explicit list of
> ciphers in the right order and that seemed to do the trick: I can still
> handle the old browsers using slightly weaker ciphers and at the same
> time newer browsers (including Chromium) see the stronger ciphers.

I would recommend setting useCipherSuitesOrder=true on your SslContextFactory. That's really the only way to force compliant clients to use the ciphers in the order you provided them in the ServerHello message. Most SSL scanning tools will ding you without that flag since otherwise the client is free to choose _any_ of the ciphers you offer.

Marvin
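A way to check from the client side whether a server enforces its own cipher order, the behaviour the reply above attributes to useCipherSuitesOrder, as an added example that is not part of the original thread or of Jetty's code: it handshakes twice, offering the same two suites in opposite orders, and compares what the server picked. It uses only the JDK's javax.net.ssl classes; the class name and arguments are hypothetical, and it assumes the server speaks TLS 1.2, enables both suites, and presents a certificate the JVM's default trust store accepts.

```java
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class CipherOrderCheck {

    // Handshake offering only the given suites, in this preference order,
    // and return the suite the server selected.
    static String negotiate(String host, int port, String... offered) throws Exception {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            // Pin TLS 1.2 so the TLS 1.2 suite names passed in are the ones negotiated.
            socket.setEnabledProtocols(new String[] {"TLSv1.2"});
            socket.setEnabledCipherSuites(offered);
            socket.startHandshake();
            return socket.getSession().getCipherSuite();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: CipherOrderCheck <host> <port> <suiteA> <suiteB>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        String a = args[2];
        String b = args[3];

        // Same two suites, opposite client preference order.
        String pickedAB = negotiate(host, port, a, b);
        String pickedBA = negotiate(host, port, b, a);
        System.out.println("client order A,B -> " + pickedAB);
        System.out.println("client order B,A -> " + pickedBA);

        if (!pickedAB.equals(pickedBA)) {
            // The selection tracked the client's list, so the server's order is not enforced.
            System.out.println("Server followed the client's order: server-side ordering is NOT enforced.");
        } else {
            // Also the outcome when the server enables only one of the two suites.
            System.out.println("Same suite both times: consistent with server-side ordering"
                + " (confirm the server enables both suites, otherwise this proves nothing).");
        }
    }
}
```

Pass a stronger and a weaker suite from the list given to setIncludeCipherSuites as suiteA and suiteB; with ordering enforced, the stronger one should be selected in both runs.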
