Enable/Disable Specfic TLS Cipher Suites?

[Zack Kleinfeld]

I'm looking to enable and disable specific ciphers suites used for TLS. It looks like Jetty allows this via its SSLEngine, either via configuration or at runtime. Is it possible to get at this in Dropwizard? If so, how?

-Zack

[Matt Veitas]

Yes it is possible. What version of DW are you using?

If you are using 0.7.0 there are some properties that can be set on the io.dropwizard.jetty.HttpsConnectorFactory

<tr>

 *         <td>{@code supportedProtocols}</td>

 *         <td>(none)</td>

 *         <td>

 *             A list of protocols (e.g., {@code SSLv3}, {@code TLSv1}) which are supported. All

 *             other protocols will be refused.

 *         </td>

 *     </tr>

 *     <tr>

 *         <td>{@code supportedCipherSuites}</td>

 *         <td>(none)</td>

 *         <td>

 *             A list of cipher suites (e.g., {@code TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}) which

 *             are supported. All other cipher suites will be refused

 *         </td>

 *     </tr>

On Wed, Jan 15, 2014 at 12:44 PM, Zack Kleinfeld <zklei...@gmail.com> wrote:

I'm looking to enable and disable specific ciphers suites used for TLS. It looks like Jetty allows this via its SSLEngine, either via configuration or at runtime. Is it possible to get at this in Dropwizard? If so, how?

-Zack

--
You received this message because you are subscribed to the Google Groups "dropwizard-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dropwizard-us...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Zack Kleinfeld]

Sadly, I'm back on 0.6.2; anything similar available?

Sounds like an update might be in my near future.

-Zack