exclude Protocols SSLv2Hello, SSLv3 from ssl

MadMarty · May 6, 2015 · 98cd0a7 · 98cd0a7
1 parent 21ee601
commit 98cd0a7
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/madsonic-booter/src/main/java/org/madsonic/booter/deployer/MadsonicDeployer.java b/madsonic-booter/src/main/java/org/madsonic/booter/deployer/MadsonicDeployer.java
@@ -14,6 +14,7 @@
 import org.apache.commons.io.IOUtils;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.util.security.Constraint;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.eclipse.jetty.security.ConstraintMapping;
 import org.eclipse.jetty.security.ConstraintSecurityHandler;
 import org.eclipse.jetty.server.ssl.SslSocketConnector;
@@ -108,6 +109,19 @@ private void deployWebApp() {
 
             if (isHttpsEnabled()) {
                 SslSocketConnector sslConnector = new SslSocketConnector();
+                SslContextFactory sslContextFactory = sslConnector.getSslContextFactory();
+                sslContextFactory = sslConnector.getSslContextFactory();
+                sslContextFactory.setExcludeCipherSuites(
+                        new String[] {
+                            "SSL_RSA_WITH_DES_CBC_SHA",
+                            "SSL_DHE_RSA_WITH_DES_CBC_SHA",
+                            "SSL_DHE_DSS_WITH_DES_CBC_SHA",
+                            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+                            "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+                            "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+                            "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
+                        });
+                sslContextFactory.addExcludeProtocols(new String[]{"SSLv3","SSLv2Hello"});
                 sslConnector.setMaxIdleTime(MAX_IDLE_TIME_MILLIS);
                 sslConnector.setRequestHeaderSize(HEADER_BUFFER_SIZE);
                 sslConnector.setResponseHeaderSize(HEADER_BUFFER_SIZE);