From 21a618e6a863e13c11a1c776e995ec29d25967f7 Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Thu, 21 Jul 2016 12:39:07 +1000 Subject: [PATCH] SLOTH protection #631 Exclude all MD5 and SHA1 ciperhs, not just RSA based ones. --- .../java/org/eclipse/jetty/util/ssl/SslContextFactory.java | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java index d55ba20247e..9e65738728f 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java @@ -250,10 +250,7 @@ public class SslContextFactory extends AbstractLifeCycle { setTrustAll(trustAll); addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3"); - setExcludeCipherSuites( - "^.*_RSA_.*_(MD5|SHA|SHA1)$", - "SSL_DHE_DSS_WITH_DES_CBC_SHA", - "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); + setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$"); } /**