> Ok, I just did that but did not see any difference.

Sure, it happened to work before and it works now with your "well-behaved" client, which is what I would expect. It's just added insurance in situations where a client is deliberately trying to downgrade encryption for some nefarious purpose.

> Anyway: isn't it always the server who decides which cipher to use from the
> list of supported ciphers provided by the client?

Normally, yes, but that flag changes the behavior to prefer the server's cipher ordering. The behavior is documented in the "Cipher Suite Preference" section of https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html .

M
