Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Can't enable SSLv3 in 9.2.10.v20150310

Am 08.04.2015 um 20:06 schrieb Grimm, Michael J (HPCS-R&D):

> *NOTE*: before upgrading to 9.2.10, I used *9.2.3* (which had SSLv3 enabled).
> Using the same code above, I was able to enable or disable SSLv3 by also setting:
> sslContextFactory.setExcludeProtocols(“SSLv3”);
> So, my question is: How do I re-enable SSLv3?

Since SSLv3 is inherently insecure and shouldn't be used at all, you can
switch back to Jetty 9.2.3 to get back that particular functionality for
the test setup you are obviously talking about.

IOW: Why do you want to use SSLv3? It's insecure and not much better than
using no SSL at all (making it at least obvious for the other side that
the data communication is not secure).

Cheers, Lothar

Back to the top