Ok, I just did that but did not see any difference. Since the
SslContextFactory does not provide a getUseCipherSuitesOrder I cannot
check what the default setting is.
Anyway: isn't it always the server who decides which cipher to use from
the list of supported ciphers provided by the client?
I can see that this flag could influence what the server does but not
what any client could do.
Cheers,
Silvio
On 10/12/2015 04:56 PM, Marvin Addison wrote:
> I would recommend setting useCipherSuitesOrder=true on your
> SSLContextFactory. That's really the only way to force compliant
> clients to use the ciphers in the order you provided them in the
> ServerHello message. Most SSL scanning tools will ding you without
> that flag since otherwise the client is free to choose _any_ of
> the ciphers you offer.
> Marvin
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
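Added example, not part of the original thread and not Jetty code: the JDK's own `javax.net.ssl.SSLParameters` (Java 8+) has both a getter and a setter for `useCipherSuitesOrder`, so the value a server-side `SSLEngine` is actually using can be read back before and after setting it. The class name `CipherOrderCheck` and the `PREFERRED` list are constructed for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class CipherOrderCheck {
    // Constructed preference list, strongest first (illustrative only).
    static final List<String> PREFERRED = Arrays.asList(
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    // Returns parameters that restrict the engine to PREFERRED (filtered to
    // what this JRE supports) and ask JSSE to honour the local order.
    static SSLParameters serverPreference(SSLEngine engine) {
        List<String> supported = Arrays.asList(engine.getSupportedCipherSuites());
        List<String> ordered = new ArrayList<>();
        for (String suite : PREFERRED) {
            if (supported.contains(suite)) {
                ordered.add(suite);
            }
        }
        if (ordered.isEmpty()) {
            throw new IllegalStateException("no preferred suite supported by this JRE");
        }
        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(ordered.toArray(new String[0]));
        params.setUseCipherSuitesOrder(true); // server picks by its own order
        return params;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // the flag only matters on the server side

        // The default differs between JRE versions, so read it instead of assuming.
        System.out.println("default useCipherSuitesOrder = "
                + engine.getSSLParameters().getUseCipherSuitesOrder());

        engine.setSSLParameters(serverPreference(engine));
        SSLParameters effective = engine.getSSLParameters();
        System.out.println("effective useCipherSuitesOrder = "
                + effective.getUseCipherSuitesOrder());
        System.out.println("effective suites, in preference order = "
                + Arrays.toString(effective.getCipherSuites()));
    }
}
```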