How to disable the SSLv3 protocol in Jetty to prevent Poodle Attack

故里飘歌 2020-12-10 01:39

Is there any specific exclusion list available which disables only SSLv3 ciphers and not TLSv1/2?

I have jetty 8, and upgrading to 9 is not an option now. My current

3 answers
  •  情深已故
    2020-12-10 02:13

    To expand on @Lars's answer...

    For Jetty 7, Jetty 8, and Jetty 9 you have to exclude the protocol SSLv3 (not the cipher) on any SslContextFactory you are using to configure for an SSL based Connector.

    For a Jetty Distribution

    Edit the ${jetty.home}/etc/jetty-ssl.xml and add the following XML snippet.

    
      
         SSLv3
      
    
    

    Inside of any element that manages a org.eclipse.jetty.http.ssl.SslContextFactory

    For Jetty Embedded

    For any SslContextFactory you create/manage for your SSL based Connectors, you just need to set the excluded protocols.

        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.addExcludeProtocols("SSLv3");
        sslContextFactory.setKeyStorePath(...);
        ...
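
One way to confirm the exclusion took effect after restarting Jetty, as an added example that is not part of the original answer or of Jetty itself: it sends a bare SSLv3 ClientHello to a connector you operate and reports whether the server answers with an SSLv3 ServerHello. The function names are this example's own, and host and port are taken from the command line.

```python
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"  # wire version bytes for SSLv3


def sslv3_client_hello() -> bytes:
    """Build a minimal SSLv3 ClientHello (SSLv3 has no extensions)."""
    # RSA suites an old JSSE stack would share: AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA
    suites = struct.pack(">4H", 0x002F, 0x0035, 0x000A, 0x0005)
    body = (SSL3 + os.urandom(32)                      # client_version, random
            + b"\x00"                                  # empty session id
            + struct.pack(">H", len(suites)) + suites  # cipher suites
            + b"\x01\x00")                             # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake


def classify(reply: bytes) -> str:
    """Interpret the first bytes the server sent back."""
    if not reply:
        return "rejected: connection closed"
    if reply[0] == 0x15:  # alert record, e.g. handshake_failure
        return "rejected: alert"
    # Handshake record whose first message is a ServerHello with server_version 3.0
    if reply[0] == 0x16 and reply[5:6] == b"\x02" and reply[9:11] == SSL3:
        return "ACCEPTED: SSLv3 still enabled"
    return "inconclusive: unexpected reply"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send the hello to host:port and classify the answer."""
    reply = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(sslv3_client_hello())
            while len(reply) < 11:  # record header + start of ServerHello
                chunk = sock.recv(11 - len(reply))
                if not chunk:
                    break
                reply += chunk
        except (ConnectionError, socket.timeout):
            pass  # a reset or timeout leaves whatever was read so far
    return classify(reply)


if __name__ == "__main__" and len(sys.argv) == 3:
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A rejection can also mean that none of the four offered cipher suites is enabled on the connector, so also confirm that a normal TLS client still completes its handshake.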
    
