Re: [jetty-users] Questioning Fix for 485714

On Wed, Mar 16, 2016 at 11:09 AM Simone Bordet <sbordet@xxxxxxxxxxx> wrote:
If you have an idea on how to handle this better, providing prompt
safer defaults without breaking apps, we are all ears.

In this case, I think the following patch is a much better balance of security and backward compatibility:

diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 55877cd..eb966f8 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -250,7 +250,7 @@ public class SslContextFactory extends AbstractLifeCycle
         setTrustAll(trustAll);
         addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
         setExcludeCipherSuites(
-                "^.*_RSA_.*_(MD5|SHA|SHA1)$",
+                "^.*_RSA_.*_MD5$",
                 "SSL_DHE_DSS_WITH_DES_CBC_SHA",
                 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
     } 
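
Review bot: In the setExcludeCipherSuites(...) call, narrowing the first pattern to "^.*_RSA_.*_MD5$" stops excluding every RSA suite whose name ends in _SHA or _SHA1, whatever cipher it uses. The two literal entries kept below it exclude DES and export-grade DES40 only for DHE_DSS, so RSA suites that pair those same ciphers with a _SHA suffix would no longer match anything in this list. If the goal is to keep SHA-based suites available, consider adding patterns that exclude the weak ciphers by name (DES, DES40, EXPORT) regardless of key exchange, and add a comment above the call saying why MD5 is excluded while SHA is allowed.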

In most of the reports I've read, the attack of greatest concern is a MITM forcing an MD5 signature algorithm, which my patch prevents. SHA1 is still widely used and it really ought to be supported by default for the time being.

Best,
Marvin