Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

Difference between revisions of "Jetty/Howto/CipherSuites"

< Jetty‎ | Howto
m
Line 5: Line 5:
 
| steps =
 
| steps =
 
===Enabling Cipher Suites===
 
===Enabling Cipher Suites===
If a cipher suite that you require is not enabled by default, Jetty provides a mechanism that lets you enable the cipher suite for a specific SSL connector during Jetty startup. You need to make the following changes to the <tt>jetty.xml</tt> configuration file. Be aware that you must specify cipher suites in preference order.  
+
If a cipher suite that you require is not enabled by default, Jetty provides a mechanism that lets you enable the cipher suite for a specific SSL connector during Jetty startup. Be aware that you must specify cipher suites in preference order.  
 +
 
 +
Here's an example of how to configure the SslSocketConnector with included cipher suites:
  
 
<source lang="xml">
 
<source lang="xml">
Line 28: Line 30:
 
</Call>
 
</Call>
 
</source>
 
</source>
 +
 +
Note that for the [http://download.eclipse.org/jetty/stable-7/xref/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.html|SslSelectChannelConnector], the correct way to configure ssl is using an [http://download.eclipse.org/jetty/stable-7/apidocs/org/eclipse/jetty/http/ssl/SslContextFactory.html|SslContextFactory] as discussed on the [Jetty/Howto/Configure_SSL SSL Configuration] page. There is an example in the jetty distribution in '''/etc/jetty-ssl.xml'''.
 +
 +
  
 
===Disabling Chipher Suites===
 
===Disabling Chipher Suites===

Revision as of 20:21, 24 January 2012



Introduction

The Java Virtual Machine provides the SSL cipher suites that Jetty uses. See JSSE Provider documentation for more information on the available cipher suites.


Steps

Enabling Cipher Suites

If a cipher suite that you require is not enabled by default, Jetty provides a mechanism that lets you enable the cipher suite for a specific SSL connector during Jetty startup. Be aware that you must specify cipher suites in preference order.

Here's an example of how to configure the SslSocketConnector with included cipher suites: 

<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.security.SslSocketConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      ...
      <Set name="IncludeCipherSuites">
        <Array type="java.lang.String">
          <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
          <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
          <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
          <Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
          <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
          <Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
        </Array>
      </Set>
    </New>
  </Arg>
</Call>

Note that for the [http://download.eclipse.org/jetty/stable-7/xref/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.html

Retrieved from "https://wiki.eclipse.org/index.php?title=Jetty/Howto/CipherSuites&oldid=286400"

Copyright © Eclipse Foundation, Inc. All Rights Reserved.