RE: Restlet 2.2.2, Jetty 8.1, disable SSLv3

Jared Davis Thu, 23 Oct 2014 05:38:02 -0700

More info:

Adding


 server.getContext().getParameters().add("protocol","TLS");

blocks a curl request with a -3 (use SSLv3.)

Still a WIP as curl reports unknown protocol on a -1 (Use => TLSv1 (SSL)) 
command.

* Connected to localhost (127.0.0.1) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using unknown / ECDHE-RSA-DES-CBC3-SHA

Here is the output on -3 (which I think is correct)

*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* Unknown SSL protocol error in connection to localhost:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to localhost:443

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3090355

RE: Restlet 2.2.2, Jetty 8.1, disable SSLv3

Reply via email to