On Fri, Jan 13, 2012 at 8:19 PM, Gerald Drouillard <[email protected]> wrote: > For PCI compliance we need to be able to disable weak ciphers. Does anyone > know of a way to get jetty configured. > Tried using: > http://docs.codehaus.org/display/JETTY/SSL+Cipher+Suites > <Set name="ExcludeCipherSuites"> > <Array type="java.lang.String"> > <Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item> > <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item> > <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item> > </Array> > </Set> > OR > <Set name="CipherSuites"> > <Array type="java.lang.String"> > <Item>SSL_RSA_WITH_RC4_128_MD5</Item> > <Item>SSL_RSA_WITH_RC4_128_SHA</Item> > <Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item> > </Array> > </Set> > in the /etc/sipxpbx/sipxconfig-jetty.xml but get an error: > > "2012-01-13T18:06:44.703000Z":2:JAVA:WARNING:pbx1.ask-services.com:main:00000000:Server:"EXCEPTION > " > java.io.IOException: Jetty configuration problem: > java.lang.NoSuchMethodException: class > org.mortbay.http.SslListener.setExcludeCipherSuites(class > [Ljava.lang.String;) > at org.mortbay.jetty.Server.<init>(Server.java:113) > at org.mortbay.jetty.Server.<init>(Server.java:78) > at org.mortbay.jetty.Server.main(Server.java:432) >
Instructions would work for SslSocketConnector - jetty version 6. sipXecs 4.4 use jetty version 5 which doesn't support this yet. However, Cristi is just about to port code and upgrade jetty to latest version (that would be for sipXecs 4.6) George ---------- Come meet us at CoLab @ CSU in March (5th & 6th) http://www.sipfoundry.org/sipx-colab http://wiki.sipfoundry.org/display/sipXecs/2012+sipX-CoLab+Hackfest _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
