Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Jetty/Howto/CipherSuites
Introduction
The Java Virtual Machine provides the SSL cipher suites that Jetty uses. See JSSE Provider documentation for more information on the available cipher suites.
Steps
Enabling Cipher Suites
If a cipher suite that you require is not enabled by default, Jetty provides a mechanism that lets you enable the cipher suite for a specific SSL connector during Jetty startup. Be aware that you must specify cipher suites in preference order.
Here's an example of how to configure the SslSocketConnector with included cipher suites:
<Call name="addConnector"> <Arg> <New class="org.mortbay.jetty.security.SslSocketConnector"> <Set name="Port">8443</Set> <Set name="maxIdleTime">30000</Set> ... <Set name="IncludeCipherSuites"> <Array type="java.lang.String"> <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item> <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item> <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item> <Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item> <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item> <Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item> </Array> </Set> </New> </Arg> </Call>
Note that for the [http://download.eclipse.org/jetty/stable-7/xref/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.html