How to set order of cipher suites for Jetty SSL?

Question

For serving my application I use Apache or embedded Jetty. For Jetty I selected some cipher suits I want to use and set it using setIncludeCipherSuites(String[] names). On Jetty documentation (http://wiki.eclipse.org/Jetty/Howto/CipherSuites) I have found that: Be aware that you must specify cipher suites in preference order.

But SSL Report by https://www.ssllabs.com/ssltest/ report that:

Cipher Suites (sorted by strength; the server has no preference)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)    ECDH 571 bits (eq. 15360 bits RSA)   FS   128
(3 other suites I use)

For Apache I got:

Cipher Suites (SSL 3+ suites in server-preferred order, then SSL 2 suites where used)

It seems that for Jetty order in which I set items in setIncludeCipherSuites() has no meaning. Is there any way to set order of preferred cipher suites?

score -1 · Answer 1 · edited May 23 '17 at 12:18

-1

The best answer I have found is to use Apache HTTPD as a reverse proxy in front of the Jetty server and use OpenSSL to set the cipher suite priority there. See this SO answer.

edited May 23 '17 at 12:18

Community

1
1

answered Jun 24 '14 at 05:15

Andy

13,916
1
36
78

3

This is not an answer. At best, it should be a comment. – Navin Sep 25 '15 at 12:18

How to set order of cipher suites for Jetty SSL?

1 Answers1