Jared, The additional "disabledPrototols" parameter worked for me. But I also set the list of enabled ciphers with this:
private static String _mediumStrongCiphers = // A list found on jetty website 25-Oct-2014 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA " + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA " + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA " + "TLS_RSA_WITH_AES_128_CBC_SHA " + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA " + "TLS_RSA_WITH_AES_256_CBC_SHA"; .... parameters.add("enabledCipherSuites", _mediumStrongCiphers); -- Timothy On 10/22/2014 7:35 PM, Jared Davis wrote: > Hi, > > What is the correct way to disable SSLv3 with Jetty 8.1? > > I've tried disabledProtocols but it seems to have no effect. > > Server server = component.getServers().add(Protocol.HTTPS, ip, port); > server.getContext().getParameters().add("keystorePath", keyPathname); > server.getContext().getParameters().add("keystorePassword", > storepass); > server.getContext().getParameters().add("keyPassword",keypass ); > server.getContext().getParameters().add("disabledProtocols", > "SSLv3"); > > Thanks, > > Jared > > ------------------------------------------------------ > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3090338 ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3090439