SSL Cipher Suites

The cipher suites used by Jetty SSL are provided by the JVM:

The ciphers are used in preference order. If a vulnerability is discovered in a cipher (or if it is considered too weak to use), it is possible to exclude it without the need to update the JVM in jetty.xml:

<Call name="addConnector">
      <New class="">
        <Set name="Port">8443</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
        <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
        <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
        <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
        <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
      <!--you can disable cipher suites in the following section. Only supported cipher suites should be listed in this section. -->
        <Set name="ExcludeCipherSuites">
          <Array type="java.lang.String">