Jared,
The additional "disabledPrototols" parameter worked for me. But I also
set the list of enabled ciphers with this:
private static String _mediumStrongCiphers =
// A list found on jetty website 25-Oct-2014
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA " +
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA " +
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA " +
"TLS_RSA_WITH_AES_128_CBC_SHA " +
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA " +
"TLS_RSA_WITH_AES_256_CBC_SHA";
....
parameters.add("enabledCipherSuites", _mediumStrongCiphers);
--
Timothy
On 10/22/2014 7:35 PM, Jared Davis wrote:
> Hi,
>
> What is the correct way to disable SSLv3 with Jetty 8.1?
>
> I've tried disabledProtocols but it seems to have no effect.
>
> Server server = component.getServers().add(Protocol.HTTPS, ip, port);
> server.getContext().getParameters().add("keystorePath", keyPathname);
> server.getContext().getParameters().add("keystorePassword",
> storepass);
> server.getContext().getParameters().add("keyPassword",keypass );
> server.getContext().getParameters().add("disabledProtocols",
> "SSLv3");
>
> Thanks,
>
> Jared
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3090338
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3090439
