[jetty-users] problem with excluding cypher suites

Hello,

I did what I could to get rid of some unwanted cipher suites and I failed, and I don't know why. I tried Jetty versions from 6 to 8 and all refuse to work:

I've prepared my own keystore, which works well. This is the result from sslscan:


[root@localhost sslscan-1.8.2]# sslscan 172.18.131.29:8446 | grep Accepted
    Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  SSLv3  128 bits  RC4-SHA
    Accepted  SSLv3  128 bits  RC4-MD5
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
You have new mail in /var/spool/mail/root

So I changed etc/jetty.xml :

    <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
      <Set name="KeyStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="KeyStorePassword">jettypasswd</Set>
      <Set name="KeyManagerPassword">jettypasswd</Set>
      <Set name="TrustStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="TrustStorePassword">jettypasswd</Set>
      <Set name="ExcludeCipherSuites">
        <Array type="java.lang.String">
          <Item>EDH-RSA-DES-CBC3-SHA</Item>
          <Item>DES-CBC3-SHA</Item>
          <Item>DHE-RSA-AES128-SHA</Item>
        </Array>
      </Set>
    </New>

And this has no effect. I restarted the server, of course; the list of accepted suites hasn't changed.

Could you help me?


Zbyszek
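
Added example, not part of the original message and not Jetty code: sslscan prints OpenSSL cipher names, while Jetty's `ExcludeCipherSuites` entries are compared against the JSSE names the JVM reports, so names copied from the scan need translating before they go into `jetty.xml`. The mapping covers only the six suites in the scan above and assumes an Oracle/OpenJDK JVM; the function names are illustrative.

```python
import re
from xml.sax.saxutils import escape

# OpenSSL name (as printed by sslscan) -> JSSE standard name (Oracle/OpenJDK).
# Assumption: only the six suites that appear in the scan above are mapped.
OPENSSL_TO_JSSE = {
    "DHE-RSA-AES128-SHA":   "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "AES128-SHA":           "TLS_RSA_WITH_AES_128_CBC_SHA",
    "EDH-RSA-DES-CBC3-SHA": "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "DES-CBC3-SHA":         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "RC4-SHA":              "SSL_RSA_WITH_RC4_128_SHA",
    "RC4-MD5":              "SSL_RSA_WITH_RC4_128_MD5",
}

# Matches lines such as "Accepted  TLSv1  128 bits  RC4-SHA".
ACCEPTED = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+) bits\s+(\S+)\s*$")

def accepted_suites(scan_text):
    """Return distinct OpenSSL suite names from sslscan 'Accepted' lines, in order."""
    seen = []
    for line in scan_text.splitlines():
        m = ACCEPTED.match(line)
        if m and m.group(3) not in seen:
            seen.append(m.group(3))
    return seen

def jetty_exclude_items(openssl_names):
    """Translate OpenSSL names to JSSE names and render Jetty <Item> elements.
    An unmapped name raises KeyError instead of being passed through silently."""
    jsse = [OPENSSL_TO_JSSE[n] for n in openssl_names]
    return jsse, "\n".join("<Item>%s</Item>" % escape(n) for n in jsse)

# Sample input: a subset of the scan output quoted in the message above.
SAMPLE_SCAN = """\
    Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
"""

if __name__ == "__main__":
    names, xml = jetty_exclude_items(accepted_suites(SAMPLE_SCAN))
    print(xml)
```

Re-running sslscan after the restart confirms whether the translated names were actually removed from the accepted list.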

 
