问题
In my jetty configuration file I am using ExcludeCipherSuites tag to exclude some protocols and everything works fine and my jetty server supports all TLS versions (1.0, 1.1, 1.2).
However when instead of excluding bad ciphers, I use IncludeCipherSuites to include only supported ciphers, my jetty server starts supporting only TLS 1.2. Other TLS versions (1.0 and 1.1) are becoming not supported.
I even tried to whitelist all possible ciphers using IncludeCipherSuites like below:
<Set name="IncludeCipherSuites">
<Array type="java.lang.String">
<Item>.*</Item>
</Array>
</Set>
But again the same result - TLS 1.2 is supported, TLS 1.0 and 1.1 is not supported.
I found a similar question but it didn't have proper answer: Configuring SSL cipher suites for Jetty
Can someone help me understand what's wrong with IncludeCipherSuites option? or What am I doing wrong?
Thanks
回答1:
Exclude wins over Include
Just adding them to includes does nothing if they are already excluded (which they are).
Follow the instructions on the prior answer and redeclare the excludes (like the suggestions and documentation do)
来源:https://stackoverflow.com/questions/39540529/jetty-includeciphersuites-enables-only-tls-1-2