Jump to: navigation, search

Jetty/Howto/CipherSuites

< Jetty‎ | Howto
Revision as of 20:21, 24 January 2012 by Janb.webtide.com (Talk | contribs)



Introduction

The Java Virtual Machine provides the SSL cipher suites that Jetty uses. See JSSE Provider documentation for more information on the available cipher suites.


Steps

Enabling Cipher Suites

If a cipher suite that you require is not enabled by default, Jetty provides a mechanism that lets you enable the cipher suite for a specific SSL connector during Jetty startup. Be aware that you must specify cipher suites in preference order.

Here's an example of how to configure the SslSocketConnector with included cipher suites:

<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.security.SslSocketConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      ...
      <Set name="IncludeCipherSuites">
        <Array type="java.lang.String">
          <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
          <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
          <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
          <Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
          <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
          <Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
        </Array>
      </Set>
    </New>
  </Arg>
</Call>

Note that for the [http://download.eclipse.org/jetty/stable-7/xref/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.html