Unfortunately, some of our customers have older devices that don't support the
TLS protocols. Our plan was to ship our product with SSLv3 disabled - and allow
customers to re-enable SSLv3 if they need to.
I hope I don't have to revert to 9.2.3 because (from what I've read) it's one
of the more buggy releases.
Thanks
Mike
> *NOTE*: before upgrading to 9.2.10, I used *9.2.3* (which had SSLv3 enabled).
> Using the same code above, I was able to enable or disable SSLv3 by
also setting:
> sslContextFactory.setExcludeProtocols("SSLv3");
>
> So, my question is: How do I re-enable SSLv3?
Since SSLv3 is inherently insecure and shouldn't be used at all, you can
switch back to Jetty 9.2.3 to get back that particular functionality for
the test setup you are obviously talking about.
IOW: Why do you want to use SSLv3? It's insecure and not much better than
using no SSL at all (making it at least obvious for the other side that
the data communication is not secure).
Cheers, Lothar
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
