How to disable the SSLv3 protocol in Jetty to prevent Poodle Attack
Is there any specific exclusion list available which disables only SSLv3 ciphers are not TLSv1/2.
I have jetty 8, and upgrading to 9 is not an option now. My current
-
To expand on @Lars answer ..
For Jetty 7, Jetty 8, and Jetty 9 you have to exclude the protocol
SSLv3(not the cipher) on anySslContextFactoryyou are using to configure for an SSL based Connector.For a Jetty Distribution
Edit the
${jetty.home}/etc/jetty-ssl.xmland add the following XML snippet.<Set name="ExcludeProtocols"> <Array type="java.lang.String"> <Item>SSLv3</Item> </Array> </Set>Inside of any element that manages a
org.eclipse.jetty.http.ssl.SslContextFactoryFor Jetty Embedded
Any SslContextFactory you create/manage for your SSL based Connectors you just need to set the excluded protocols.
SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.addExcludeProtocols("SSLv3"); sslContextFactory.setKeyStorePath(...); ...讨论(0) -
I have configurated Jetty 8.1 whitout ssl3. You can see the complete structure of jetty-ssl.xml.
<Configure id="Server" class="org.eclipse.jetty.server.Server"> <Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <Arg> <New class="org.eclipse.jetty.http.ssl.SslContextFactory"> <Set name="keyStore">... </Set> <Set name="keyStorePassword">... </Set> <Set name="keyManagerPassword">... </Set> <Set name="trustStore">... </Set> <Set name="trustStorePassword>... </Set <Set name="ExcludeProtocols"> <Array type="java.lang.String"> <Item>SSLv3 </Item> </Array> </Set> </New> </Arg> <Set name="port">... </Set> <Set name="maxIdleTime">... </Set> </New> </Arg> </Call> </Configure>讨论(0) -
I had to disable SSLv3 in an application where we integrate Jetty source code. Based on what I changed in code, I would guess you add the following:
<Set name="ExcludeProtocols"> <Array type="java.lang.String"> <Item>SSLv3</Item> </Array> </Set>Give it a shot and let me know if it works for you.
讨论(0)
加载中...
- 热议问题