Jetty IncludeCipherSuites仅启用TLS 1.2 [英] Jetty IncludeCipherSuites enables only TLS 1.2

问题描述

在我的码头配置文件中，我正在使用ExcludeCipherSuites标记排除某些协议，并且一切正常，并且我的码头服务器支持所有TLS版本(1.0、1.1、1.2).

In my jetty configuration file I am using ExcludeCipherSuites tag to exclude some protocols and everything works fine and my jetty server supports all TLS versions (1.0, 1.1, 1.2).

但是，当我使用IncludeCipherSuites而不是排除不良密码时，仅包括受支持的密码时，我的码头服务器开始仅支持TLS 1.2.其他TLS版本(1.0和1.1)不再受支持.

However when instead of excluding bad ciphers, I use IncludeCipherSuites to include only supported ciphers, my jetty server starts supporting only TLS 1.2. Other TLS versions (1.0 and 1.1) are becoming not supported.

我什至尝试使用IncludeCipherSuites将所有可能的密码列入白名单，如下所示:

I even tried to whitelist all possible ciphers using IncludeCipherSuites like below:

<Set name="IncludeCipherSuites">
    <Array type="java.lang.String">
        <Item>.*</Item>
    </Array>
</Set>

但是同样的结果-支持TLS 1.2，不支持TLS 1.0和1.1.

But again the same result - TLS 1.2 is supported, TLS 1.0 and 1.1 is not supported.

我发现了类似的问题，但没有正确的答案: 为Jetty配置SSL密码套件

I found a similar question but it didn't have proper answer: Configuring SSL cipher suites for Jetty

有人可以帮助我了解IncludeCipherSuites选项有什么问题吗?还是我做错了什么?

Can someone help me understand what's wrong with IncludeCipherSuites option? or What am I doing wrong?

谢谢

推荐答案

Exclude胜过Include

如果已经将它们排除在外，则仅将它们添加到include不会做任何事情.

Just adding them to includes does nothing if they are already excluded (which they are).

按照上一个答案的说明进行操作，然后重新声明排除项(如建议和文档一样)

Follow the instructions on the prior answer and redeclare the excludes (like the suggestions and documentation do)

这篇关于Jetty IncludeCipherSuites仅启用TLS 1.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！