Contact the core Jetty developers at
www.webtide.com
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery
SSL Cipher Suites
SSL encryption ciphers are classified based on encryption key length as follows:
- HIGH - key length larger than 128 bits
- MEDIUM - key length equal to 128 bits
- LOW - key length smaller than 128 bits
To avoid weak encyption vulnerability, it is advised that MEDIUM to HIGH encryption ciphers are used instead of LOW ciphers. In line with this, you can disable a list of cipher suites in jetty.xml like so:
<Call name="addConnector"> <Arg> <New class="org.mortbay.jetty.security.SslSocketConnector"> <Set name="Port">8443</Set> <Set name="maxIdleTime">30000</Set> <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set> <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set> <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set> <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> <!--you can disable cipher suites in the following section. Only supported cipher suites should be listed in this section. --> <Set name="ExcludeCipherSuites"> <Array type="java.lang.String"> <Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item> <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item> <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item> </Array> </Set> </New> </Arg> </Call>
For more information, see also http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE.