Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Can't enable SSLv3 in 9.2.10.v20150310

Hi guys,
I’m using jetty in an embedded application.
Jetty 9.2.10 has SSLv3 disabled by default.
I create an sslContextFactory and set the appropriate properties:
sslContextFactory.setIncludeProtocols("SSLv3", "TLSv1", "TLSv1.2", "TLSv1.1");
I then use the sslContextFactory in the connectionFactory:
SslContextFactory sslContextFactory = createSslContextFactory();//set all sslContextFactory props here
HttpConfiguration https_config = new HttpConfiguration();
https_config.addCustomizer(new SecureRequestCustomizer());
SslConnectionFactory sslConnFact = new SslConnectionFactory(sslContextFactory, "http/1.1");
ServerConnector https = new ServerConnector(jetty, sslConnFact, new HttpConnectionFactory(https_config));
Unfortunately, when I test the jetty server with TestSSLServer.jar (which I found online), the output does NOT list SSLv3!
D:\temp> java -jar TestSSLServer.jar localhost 7906
Supported versions: TLSv1.0 TLSv1.1 TLSv1.2
If I only “include” SSLv3, the JettyServer will refuse to negotiate any connections:
If I only “include” TLSv1, the TestSSLServer.jar shows: (Supported versions: TLSv1.0)
NOTE: before upgrading to 9.2.10, I used 9.2.3 (which had SSLv3 enabled).
Using the same code above, I was able to enable or disable SSLv3 by also setting:
So, my question is: How do I re-enable SSLv3?
Michael Grimm
Mobile: 970-669-5467 (Primary phone)

Back to the top