Issue #2807 - Updating Default TLS Cipher Suite Exclusions

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Joakim Erdfelt 2018-08-23 18:08:35 -05:00
parent 44e57f2170
commit 5e07592a69
1 changed files with 13 additions and 0 deletions


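--- a/<path-not-shown>/SslContextFactory.java
+++ b/<path-not-shown>/SslContextFactory.java
@@ -212,7 +212,20 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
     {
         setTrustAll(trustAll);
         addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
+        // Exclude weak / insecure ciphers
         setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
+        // Exclude ciphers that don't support forward secrecy
+        addExcludeCipherSuites("^TLS_RSA_.*$");
+        /* The following exclusions are present to cleanup known bad cipher suites
+         * that are accidentally added via Include patterns.
+         * The default enabled cipher list in Java will not include these
+         * (but they are available in the supported list) */
+        addExcludeCipherSuites("^SSL_.*$");
+        addExcludeCipherSuites("^.*_NULL_.*$");
+        addExcludeCipherSuites("^.*_anon_.*$");
         if (keyStorePath != null)
             setKeyStorePath(keyStorePath);
     }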
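Review bot: The comment above the new `addExcludeCipherSuites("^TLS_RSA_.*$")` says it excludes ciphers that don't support forward secrecy, but the pattern only covers static RSA key exchange; as far as I recall SunJSSE also ships static-ECDH suites (`TLS_ECDH_RSA_*`, `TLS_ECDH_ECDSA_*`) that likewise lack forward secrecy, and none of the added patterns match them (the `_anon_` rule only catches the anonymous variants). If the intent is a forward-secrecy-only default, consider adding `addExcludeCipherSuites("^TLS_ECDH_.*$");` beside the RSA rule (this leaves `TLS_ECDHE_*` enabled since the pattern requires the underscore right after `ECDH`); otherwise narrow the comment to `// Exclude static RSA key exchange (no forward secrecy)` so it describes what the regex actually does. Either way it is worth stating in the comment that these are regexes matched against JSSE cipher-suite names, since the rest of the class's callers interact with them through include/exclude patterns. The enclosing constructor's signature is outside the hunk.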