You are using a rather old version of Jetty.
Just to express how old (here's a list of things that have happened since the release of 9.2.0.v20140526):
- There's been over 900 commits in the 9.2.x branch alone
- There have been 18 minor releases of jetty 9.2.x
- Jetty 9.3.x was started
- A major version update, Jetty 9.3.0 stable, was released
- There have been over 3,200 commits to jetty 9.3.x
- There have been 11 minor releases of jetty 9.3.x
- Jetty 9.4.x was started
- There have been over 4,000 commits to jetty 9.4.x
- Jetty 9.4.0 has started with milestone (alpha quality) releases
- Java 7 EOL (End of Life) was announced and officially entered EOL
- Jetty 10.x has been started (for servlet 4.0)
- Java 8 has addressed (according to its release notes) over 3 dozen SSL/TLS vulnerabilities
- Java 8 has outright started to disable large swathes of SSL/TLS to address various vulnerabilities.
What happens if you use one of the latest stable releases? Jetty 9.3.11.v20160721 or 9.2.18.v20160721 ?
Also, since you are working with SSL/TLS, it is important (as in very important) that you stay up to date with your Java VM.
Respect the Java expiration dates that every release has.