Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Can't enable SSLv3 in 9.2.10.v20150310

Unfortunately, some of our customers have older devices that don’t support the TLS protocols. Our plan was to ship our product with SSLv3 disabled – and allow customers to re-enable SSLv3 if they need to.
I hope I don’t have to revert to 9.2.3 because (from what I’ve read) it’s one of the more buggy releases.
 
Thanks
Mike
 
> *NOTE*: before upgrading to 9.2.10, I used *9.2.3* (which had SSLv3 enabled).
> Using the same code above, I was able to enable or disable SSLv3 by also setting:
> sslContextFactory.setExcludeProtocols(“SSLv3”);
> So, my question is: How do I re-enable SSLv3?
 
Since SSLv3 is inherently insecure and shouldn't be used at all, you can
switch back to Jetty 9.2.3 to get back that particular functionality for
the test setup you are obviously talking about.
 
IOW: Why do you want to use SSLv3? It's insecure and not much better than
using no SSL at all (making it at least obvious for the other side that
the data communication is not secure).
 
Cheers, Lothar
 

Back to the top