Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoakim Erdfelt2016-02-02 14:48:17 -0500
committerJoakim Erdfelt2016-02-02 14:48:17 -0500
commit79a7863ac857c60f51961f5ff1b8ccdc59fd6d45 (patch)
tree9704c23d0273da9831eec41809966d27ae106638
parent7d50167ec194280901d764571424949d28dfbfb0 (diff)
downloadorg.eclipse.jetty.project-79a7863ac857c60f51961f5ff1b8ccdc59fd6d45.tar.gz
org.eclipse.jetty.project-79a7863ac857c60f51961f5ff1b8ccdc59fd6d45.tar.xz
org.eclipse.jetty.project-79a7863ac857c60f51961f5ff1b8ccdc59fd6d45.zip
486877 - Google Chrome flagging 'obsolete cipher suite' in Jetty and will soon issue broken padlock
+ Rely on SslContextFactory defaults for Includes/Excludes of Cipher Suites + Reference documentation for advice on setting up custom includes and excludes
-rw-r--r--jetty-server/src/main/config/etc/jetty-ssl-context.xml14
-rw-r--r--jetty-server/src/main/config/modules/ssl.mod3
2 files changed, 6 insertions, 11 deletions
diff --git a/jetty-server/src/main/config/etc/jetty-ssl-context.xml b/jetty-server/src/main/config/etc/jetty-ssl-context.xml
index 68b802c9c7..7af6e66c60 100644
--- a/jetty-server/src/main/config/etc/jetty-ssl-context.xml
+++ b/jetty-server/src/main/config/etc/jetty-ssl-context.xml
@@ -17,16 +17,8 @@
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
- <Set name="ExcludeCipherSuites">
- <Array type="String">
- <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
- <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
- <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
- <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
- <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
- <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
- <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
- </Array>
- </Set>
+ <!-- To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
+ https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
+ -->
<Set name="useCipherSuitesOrder"><Property name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
</Configure>
diff --git a/jetty-server/src/main/config/modules/ssl.mod b/jetty-server/src/main/config/modules/ssl.mod
index 97195c1694..04e2d400c2 100644
--- a/jetty-server/src/main/config/modules/ssl.mod
+++ b/jetty-server/src/main/config/modules/ssl.mod
@@ -87,3 +87,6 @@ http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/
## Whether cipher order is significant (since java 8 only)
# jetty.sslContext.useCipherSuitesOrder=true
+## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
+## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
+

Back to the top