Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

[#1570] Allow setting of SSL ciphers as configuration option

  • Loading branch information...
1 parent c130625 commit d825525c1dbec11964d74b7cc6eaac65ff2b1c03 @spinscale spinscale committed
9 documentation/manual/configuration.textile
@@ -821,6 +821,15 @@ HTTP server maximum content length for response streaming, in bytes.
Default: none - no maximum.
+h3(#play.ssl.enabledCiphers). play.ssl.enabledCiphers
+This setting allows to specify certain SSL ciphers to be used. This might be needed in case you have to be PCI compliant, as some ciphers in the default settings are vulnerable to the so-called BEAST attack.
+bc. play.ssl.enabledCiphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA
+Default: none - the default ciphers are chosen.
h3(#play.pool). play.pool
Execution pool size. Try to keep this as low as possible. Setting this to 1 thread will serialise all requests (very useful for debugging purpose). For example:
5 framework/src/play/server/ssl/
@@ -22,12 +22,17 @@ public ChannelPipeline getPipeline() throws Exception {
Integer max = Integer.valueOf(Play.configuration.getProperty("play.netty.maxContentLength", "-1"));
String mode = Play.configuration.getProperty("play.netty.clientAuth", "none");
+ String enabledCiphers = Play.configuration.getProperty("play.ssl.enabledCiphers", "");
ChannelPipeline pipeline = pipeline();
// Add SSL handler first to encrypt and decrypt everything.
SSLEngine engine = SslHttpServerContextFactory.getServerContext().createSSLEngine();
+ if (enabledCiphers != null && enabledCiphers.length() > 0) {
+ engine.setEnabledCipherSuites(enabledCiphers.replaceAll(" ", "").split(","));
+ }
if ("want".equalsIgnoreCase(mode)) {

0 comments on commit d825525

Please sign in to comment.
Something went wrong with that request. Please try again.