diff options
author | Joakim Erdfelt | 2016-02-02 19:48:17 +0000 |
---|---|---|
committer | Joakim Erdfelt | 2016-02-02 19:48:17 +0000 |
commit | 79a7863ac857c60f51961f5ff1b8ccdc59fd6d45 (patch) | |
tree | 9704c23d0273da9831eec41809966d27ae106638 /jetty-server/src/main | |
parent | 7d50167ec194280901d764571424949d28dfbfb0 (diff) | |
download | org.eclipse.jetty.project-79a7863ac857c60f51961f5ff1b8ccdc59fd6d45.tar.gz org.eclipse.jetty.project-79a7863ac857c60f51961f5ff1b8ccdc59fd6d45.tar.xz org.eclipse.jetty.project-79a7863ac857c60f51961f5ff1b8ccdc59fd6d45.zip |
486877 - Google Chrome flagging 'obsolete cipher suite' in Jetty and will soon issue broken padlock
+ Rely on SslContextFactory defaults for Includes/Excludes of Cipher
Suites
+ Reference documentation for advice on setting up custom includes
and excludes
Diffstat (limited to 'jetty-server/src/main')
-rw-r--r-- | jetty-server/src/main/config/etc/jetty-ssl-context.xml | 14 | ||||
-rw-r--r-- | jetty-server/src/main/config/modules/ssl.mod | 3 |
2 files changed, 6 insertions, 11 deletions
diff --git a/jetty-server/src/main/config/etc/jetty-ssl-context.xml b/jetty-server/src/main/config/etc/jetty-ssl-context.xml index 68b802c9c7..7af6e66c60 100644 --- a/jetty-server/src/main/config/etc/jetty-ssl-context.xml +++ b/jetty-server/src/main/config/etc/jetty-ssl-context.xml @@ -17,16 +17,8 @@ <Set name="EndpointIdentificationAlgorithm"></Set> <Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="false"/></Set> <Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="false"/></Set> - <Set name="ExcludeCipherSuites"> - <Array type="String"> - <Item>SSL_RSA_WITH_DES_CBC_SHA</Item> - <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item> - <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item> - <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item> - <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> - <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> - <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item> - </Array> - </Set> + <!-- To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at + https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites + --> <Set name="useCipherSuitesOrder"><Property name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set> </Configure> diff --git a/jetty-server/src/main/config/modules/ssl.mod b/jetty-server/src/main/config/modules/ssl.mod index 97195c1694..04e2d400c2 100644 --- a/jetty-server/src/main/config/modules/ssl.mod +++ b/jetty-server/src/main/config/modules/ssl.mod @@ -87,3 +87,6 @@ http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/ ## Whether cipher order is significant (since java 8 only) # jetty.sslContext.useCipherSuitesOrder=true +## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at +## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites + |