Permalink
Browse files

Configures RC4 cipher suites as default.

  • Loading branch information...
1 parent 6d58a2a commit 8aa247bcdf537f16347170a7e648d5c57414a0f6 Justin Cummins committed Feb 15, 2012
Showing with 10 additions and 0 deletions.
  1. +10 −0 jetty_files/etc/jetty.xml.erb
@@ -34,6 +34,16 @@
<Set name="maxIdleTime">30000</Set>
<Set name="password"><SystemProperty name="jetty.ssl.password" default="foobar" /></Set>
<Set name="keystore"><SystemProperty name="jetty.ssl.keystore" default="etc/fake.p12" /></Set>
+ <!-- Using RC4 to avoid the Rizzo/Duong attack on block ciphers. -->
+ <Set name="IncludeCipherSuites">
+ <Array type="java.lang.String">
+ <Item>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</Item>
+ <Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
+ <Item>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</Item>
+ <Item>TLS_ECDH_RSA_WITH_RC4_128_SHA</Item>
+ <Item>SSL_RSA_WITH_RC4_128_SHA</Item>
+ </Array>
+ </Set>
<Set name="keystoreType">PKCS12</Set>
</New>
</Arg>

0 comments on commit 8aa247b

Please sign in to comment.