Re: [jetty-users] problem with excluding cypher suites

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] problem with excluding cypher suites

From: Carey Evans <carey@xxxxxxxxxxxxx>
Date: Fri, 29 Nov 2013 15:17:38 +1300
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

On Fri, Nov 29, 2013, at 3:58, Zbigniew Sokołowski wrote:
>                    <Item>EDH-RSA-DES-CBC3-SHA</Item>
>                    <Item>DES-CBC3-SHA</Item>
>                     <Item>DHE-RSA-AES128-SHA</Item>            
> 

Java uses different names for the cipher suites than OpenSSL. You can
get a full list of standard names from
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites.

On one of our internal servers, we're using:

<Set name="excludeCipherSuites">
	<Array type="String">
		<Item>.*(3DES|DES40|RC4).*</Item>
		<Item>(SSL|TLS)_(RSA|ECDH)_.*</Item>
	</Array>
</Set>

but that may be a bit aggressive for a public site.

-- 
  Carey Evans
  carey@xxxxxxxxxxxxx

References:
- [jetty-users] problem with excluding cypher suites
  - From: Zbigniew Sokołowski

Prev by Date: Re: [jetty-users] DirectByteBuffer native memory problems (OOM) with Jetty 9.0/9.1
Next by Date: [jetty-users] Again, JSP support not configured
Previous by thread: [jetty-users] problem with excluding cypher suites
Next by thread: [jetty-users] Again, JSP support not configured
Index(es):
- Date
- Thread

Breadcrumbs