[jetty-users] how to properly deploy Diffie-Hellman on my server

Hi,

Please guide me on how to properly deploy Diffie-Hellman on my server. I am using Jetty 9.2.9 with jdk1.7.

This is my current configuration in jetty-ssl.xml, but the SSL scan report shows that “This server supports insecure Diffie-Hellman (DH) key exchange parameters (Logjam)”.

  <Set name="ExcludeCipherSuites">
    <Array type="String">
      <Item>.*NULL.*</Item>
      <Item>.*RC4.*</Item>
      <Item>.*MD5.*</Item>
      <Item>.*DES.*</Item>
      <Item>.*DSS.*</Item>
    </Array>
  </Set>

  <!-- Enable Forward Secrecy Ciphers. Note: this replaces the default Include Cipher list -->
  <Set name="IncludeCipherSuites">
    <Array type="String">
      <Item>TLS_DHE_RSA.*</Item>
      <Item>TLS_ECDHE.*</Item>
    </Array>
  </Set>

  <!-- Eliminate Insecure Protocols -->
  <Call name="addExcludeProtocols">
    <Arg>
      <Array type="java.lang.String">
        <Item>SSL</Item>
        <Item>SSLv2</Item>
        <Item>SSLv2Hello</Item>
        <Item>SSLv3</Item>
        <Item>TLSv1</Item>
        <Item>TLSv1.1</Item>
      </Array>
    </Arg>
  </Call>

Regards

Rjc
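
An added check, not part of the original post and not Jetty's own code: it resolves the include and exclude patterns from the configuration above against a constructed list of JSSE suite names and reports which finite-field DHE suites remain enabled, since those are the suites a Logjam scan exercises. The function names and the suite list are assumptions, as is the resolution order (each pattern is matched against the whole suite name, includes select first, excludes then remove).

```python
import re
import xml.etree.ElementTree as ET

# Include/exclude lists copied from the jetty-ssl.xml fragment in the post,
# wrapped in a root element so the fragment parses on its own.
CONFIG = """<Configure>
  <Set name="ExcludeCipherSuites"><Array type="String">
    <Item>.*NULL.*</Item><Item>.*RC4.*</Item><Item>.*MD5.*</Item>
    <Item>.*DES.*</Item><Item>.*DSS.*</Item>
  </Array></Set>
  <Set name="IncludeCipherSuites"><Array type="String">
    <Item>TLS_DHE_RSA.*</Item><Item>TLS_ECDHE.*</Item>
  </Array></Set>
</Configure>"""

# Constructed sample of JSSE suite names; the real list depends on the JVM.
SUPPORTED = [
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
]

def patterns(root, name):
    """Return the <Item> regexes of the named <Set>, or [] if it is absent."""
    node = root.find(".//Set[@name='%s']" % name)
    return [] if node is None else [item.text.strip() for item in node.iter("Item")]

def effective_suites(config_xml, supported):
    """Assumed resolution order: includes select first, excludes then remove."""
    root = ET.fromstring(config_xml)
    include = patterns(root, "IncludeCipherSuites")
    exclude = patterns(root, "ExcludeCipherSuites")
    chosen = [s for s in supported if any(re.fullmatch(p, s) for p in include)]
    return [s for s in chosen if not any(re.fullmatch(p, s) for p in exclude)]

def finite_field_dhe(suites):
    """Suites whose key exchange is ephemeral finite-field DH (not ECDHE)."""
    return [s for s in suites if re.match(r"(TLS|SSL)_DHE_", s)]

if __name__ == "__main__":
    enabled = effective_suites(CONFIG, SUPPORTED)
    for suite in enabled:
        print(("DHE   " if suite in finite_field_dhe(enabled) else "other ") + suite)
```

On a real server, replace `SUPPORTED` with the suite names reported by the JVM that runs Jetty.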