Hi guys,
I'm using jetty in an embedded application.
Jetty 9.2.10 has SSLv3 disabled by default.
I create an sslContextFactory and set the appropriate properties:
sslContextFactory.setIncludeProtocols("SSLv3", "TLSv1", "TLSv1.2", "TLSv1.1");
I then use the sslContextFactory in the connectionFactory:
SslContextFactory sslContextFactory = createSslContextFactory();//set all
sslContextFactory props here
HttpConfiguration https_config = new HttpConfiguration();
https_config.addCustomizer(new SecureRequestCustomizer());
SslConnectionFactory sslConnFact = new SslConnectionFactory(sslContextFactory,
"http/1.1");
ServerConnector https = new ServerConnector(jetty, sslConnFact, new
HttpConnectionFactory(https_config));
jetty.addConnector(https);
jetty.start();
Unfortunately, when I test the jetty server with TestSSLServer.jar (which I
found online), the output does NOT list SSLv3!
D:\temp> java -jar TestSSLServer.jar localhost 7906
Supported versions: TLSv1.0 TLSv1.1 TLSv1.2
If I only "include" SSLv3, the JettyServer will refuse to negotiate any
connections:
sslContextFactory.setIncludeProtocols("SSLv3");
If I only "include" TLSv1, the TestSSLServer.jar shows: (Supported versions:
TLSv1.0)
sslContextFactory.setIncludeProtocols("TLSv1");
NOTE: before upgrading to 9.2.10, I used 9.2.3 (which had SSLv3 enabled).
Using the same code above, I was able to enable or disable SSLv3 by also
setting:
sslContextFactory.setExcludeProtocols("SSLv3");
So, my question is: How do I re-enable SSLv3?
Thanks
Michael Grimm
[email protected]
Mobile: 970-669-5467 (Primary phone)
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
