Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SLOTH protection #631 

Exclude all MD5 and SHA1 ciperhs, not just RSA based ones.
This commit is contained in:
Greg Wilkins 2016-07-21 12:39:07 +10:00
parent 2db91a88cf
commit 21a618e6a8
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
View File

@ -250,10 +250,7 @@ public class SslContextFactory extends AbstractLifeCycle
{ {
setTrustAll(trustAll); setTrustAll(trustAll);
addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3"); addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
setExcludeCipherSuites( setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
"^.*_RSA_.*_(MD5|SHA|SHA1)$",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
} }
/** /**