OK, I just did that but did not see any difference. Since the
SslContextFactory does not provide a getUseCipherSuitesOrder, I
cannot check what the default setting is.
Anyway: isn't it always the server who decides which cipher to use
from the list of supported ciphers provided by the client?
I can see that this flag could influence what the server does but
not what any client could do.
Cheers,
Silvio
On 10/12/2015 04:56 PM, Marvin Addison wrote:
> I would recommend setting
> useCipherSuitesOrder=true on your SSLContextFactory. That's
> really the only way to force compliant clients to use the
> ciphers in the order you provided them in the ServerHello
> message. Most SSL scanning tools will ding you without that
> flag since otherwise the client is free to choose _any_ of
> the ciphers you offer.
> Marvin
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
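
The following is an added example, not code from either poster or from Jetty. It uses only the JDK's `javax.net.ssl` API (Java 8 or later) to read and set the JSSE flag of the same name on a server-side `SSLEngine`, and models how the server's pick changes with it. The assumption that Jetty's `useCipherSuitesOrder` option is passed through to this JSSE flag, the `select` helper, and the cipher lists are constructed for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class CipherOrderDemo {
    // Hypothetical model of the server-side choice: the server always picks from the
    // intersection of both lists; the flag only decides whose ordering ranks the candidates.
    static String select(List<String> clientOffer, List<String> serverEnabled, boolean useServerOrder) {
        List<String> ranking = useServerOrder ? serverEnabled : clientOffer;
        List<String> other = useServerOrder ? clientOffer : serverEnabled;
        for (String suite : ranking) {
            if (other.contains(suite)) return suite;
        }
        return null; // no common suite: the handshake fails
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // configure it as the server side
        SSLParameters params = engine.getSSLParameters();
        System.out.println("default useCipherSuitesOrder: " + params.getUseCipherSuitesOrder());

        // Constructed server preference list, strongest first, limited to what this JVM supports.
        List<String> wanted = Arrays.asList(
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
        List<String> server = new ArrayList<>(wanted);
        server.retainAll(Arrays.asList(engine.getSupportedCipherSuites()));

        params.setCipherSuites(server.toArray(new String[0]));
        params.setUseCipherSuitesOrder(true); // honor the server's order
        engine.setSSLParameters(params);
        System.out.println("after change: " + engine.getSSLParameters().getUseCipherSuitesOrder());

        // Constructed client offer: same suites, weakest first.
        List<String> client = new ArrayList<>(server);
        Collections.reverse(client);
        System.out.println("client order honored: " + select(client, server, false));
        System.out.println("server order honored: " + select(client, server, true));
    }
}
```

The default printed on the first line depends on the JDK version in use, which is why the example reads it back rather than assuming a value.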