Hello,
I did what I could to get rid of some unwnated cipher suits and I failed and I don't know why I tried Jetty versions from 6 to 8 and all deny to work:
I've prepared my own keystore which works well: this is result from scanSsl
[root@localhost sslscan-1.8.2]# sslscan
172.18.131.29:8446 | grep Accepted
Accepted SSLv3 128 bits DHE-RSA-AES128-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
You have new mail in /var/spool/mail/root
So I changed etc/jetty.xml :
<New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
<Set name="KeyStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
<Set name="KeyStorePassword">jettypasswd</Set>
<Set name="KeyManagerPassword">jettypasswd</Set>
<Set name="TrustStore"><Property name="jetty.home" default="." />/etc/keystore</Set>
<Set name="TrustStorePassword">jettypasswd</Set>
<Set name="ExcludeCipherSuites">
<Array type="java.lang.String">
<Item>EDH-RSA-DES-CBC3-SHA</Item>
<Item>DES-CBC3-SHA</Item>
<Item>DHE-RSA-AES128-SHA</Item>
</Array>
</Set>
</New>
and this is has no effect I restarted server of course list of accepted suites haven't changed.