1. Upgrade JDK to 1.8
2. jetty-ssl.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">

<!-- =============================================================== -->
<!-- SSL/TLS setup for the Jetty Server.                             -->
<!-- Meant to be loaded together with the other configuration files, -->
<!-- for example:                                                    -->
<!--   java -jar start.jar etc/jetty-ssl.xml                         -->
<!-- or list it in start.ini so it is picked up on every start.      -->
<!-- =============================================================== -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- When NIO is not available, use org.eclipse.jetty.server.ssl.SslSocketConnector instead. -->
  <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">

    <!-- Key store and trust store both point at the same file under jetty.home. -->
    <!-- OBF: values are Jetty's reversible obfuscation, not encryption: anyone  -->
    <!-- who can read this file can recover the passwords, so restrict read      -->
    <!-- access to the account that runs Jetty.                                  -->
    <!-- NOTE(review): the values below look masked with trailing x characters;  -->
    <!-- substitute the output of the Password tool for your own secrets.        -->
    <Set name="KeyStore"><Property name="jetty.home" default="." />/etc/keystore-2015</Set>
    <Set name="KeyStorePassword">OBF:1wua1u9d1vgv1l1g1wgi1xmk1xmq1wfg1kxm1vfz1uaxxxxxx</Set>
    <Set name="KeyManagerPassword">OBF:1wua1u9d1vgv1l1g1wgi1xmk1xmq1wfg1kxm1vfz1uaxxxxxx</Set>
    <Set name="TrustStore"><Property name="jetty.home" default="." />/etc/keystore-2015</Set>
    <Set name="TrustStorePassword">OBF:1wua1u9d1vgv1l1g1wgi1xmk1xmq1wfg1kxm1vfz1uaxxxxxxxx</Set>

    <!-- Optional allow-list of cipher suites, left disabled by the author. -->
    <!--
    <Set name="IncludeCipherSuites">
      <Array type="String">
        <Item>TLS_DHE_RSA.*</Item>
        <Item>TLS_ECDHE.*</Item>
      </Array>
    </Set>
    -->

    <!-- Deny-list: drops NULL (no encryption), RC4, MD5, DES and DSS suites.      -->
    <!-- NOTE(review): the entries are written as regular expressions. Confirm     -->
    <!-- that the Jetty version in use matches suite names by pattern rather than  -->
    <!-- by exact name; if it matches exact names only, nothing here is excluded.  -->
    <!-- Check the effective suite list with an external TLS scan after deploying. -->
    <Set name="ExcludeCipherSuites">
      <Array type="String">
        <Item>.*NULL.*</Item>
        <Item>.*RC4.*</Item>
        <Item>.*MD5.*</Item>
        <Item>.*DES.*</Item>
        <Item>.*DSS.*</Item>
      </Array>
    </Set>

    <!-- Only SSLv3 is switched off here. TLS 1.0 and TLS 1.1 are not listed and -->
    <!-- are deprecated by RFC 8996.                                             -->
    <!-- NOTE(review): consider excluding them too once every client speaks      -->
    <!-- TLS 1.2 or later.                                                       -->
    <Set name="ExcludeProtocols">
      <Array type="java.lang.String">
        <Item>SSLv3</Item>
      </Array>
    </Set>
  </New>

  <!-- HTTPS listener on port 443, built on the sslContextFactory declared above. -->
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
        <Arg><Ref id="sslContextFactory" /></Arg>
        <Set name="Port">443</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="Acceptors">2</Set>
        <Set name="AcceptQueueSize">100</Set>
      </New>
    </Arg>
  </Call>

</Configure>
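3. Add the JVM system property -Djdk.tls.ephemeralDHKeySize=2048 so that DHE cipher suites use a 2048-bit ephemeral Diffie-Hellman key instead of the JDK 8 default of 1024 bits.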
4. Test the result with the SSL Labs server test: https://www.ssllabs.com/ssltest/index.html
info:
http://www.openssl.org/docs/apps/ciphers.html
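BTW: how to generate a Jetty OBF password (OBF is reversible obfuscation, not encryption, so keep jetty-ssl.xml readable only by the account that runs Jetty):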
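@echo off
rem Prints the obfuscated (OBF:) form of a password using Jetty's Password utility.
rem Expects the JAVA_8 environment variable to hold the JDK 8 install directory
rem and the two Jetty jars named below to sit next to this script.
rem
rem The OBF: output is reversible obfuscation, not encryption. It only keeps the
rem password from being read at a glance; file permissions still have to protect
rem the configuration that stores it.
rem
rem Replace PASSWORD for a single run and do not save the real value in this file.
rem Command-line arguments can be seen by other local processes while java runs.

rem Guard: with JAVA_8 unset the java path below would resolve to "\bin\java".
if not defined JAVA_8 (
    echo JAVA_8 is not set
    pause
    exit /b 1
)

rem Work from the script's own directory so the relative jar names resolve.
rem The path is quoted so directories with spaces or special characters work.
cd /d "%~dp0"
echo %JAVA_8%
call "%JAVA_8%\bin\java" -cp jetty-http-9.3.0.v20150612.jar;jetty-util-9.3.0.v20150612.jar org.eclipse.jetty.util.security.Password PASSWORD
pause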