Revert "485714 - Update SSL configuration to mitigate SLOTH vulnerability" This reverts commit 46ed803023d1fda6abe81a5deb8100c38416ccf3. The fix broke several unit tests.
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 42f109c..5025b2d 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -250,10 +250,14 @@
 setTrustAll(trustAll);
 addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
 setExcludeCipherSuites(
- "^.*_RSA_.*_(MD5|SHA|SHA1)$",
+ "SSL_RSA_WITH_DES_CBC_SHA",
+ "SSL_DHE_RSA_WITH_DES_CBC_SHA",
 "SSL_DHE_DSS_WITH_DES_CBC_SHA",
+ "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+ "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
- }
+}
 /**
 * Construct an instance of SslContextFactory
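Review bot: The restored `setExcludeCipherSuites(...)` call lists only six exact DES/export suite names, so this revert removes the SLOTH mitigation with nothing in its place: any other RSA suite with an MD5 or SHA-1 MAC that the JVM enables can be negotiated again. The reverted pattern `^.*_RSA_.*_(MD5|SHA|SHA1)$` also matches widely used suites such as `TLS_RSA_WITH_AES_128_CBC_SHA`, which is presumably why the tests failed; if so, a narrower entry such as `"^.*_RSA_.*_MD5$",` next to the explicit names would keep at least the MD5 suites excluded. At minimum add a comment above the call, `// TODO 485714: SLOTH exclusions reverted (unit test failures); re-apply once the tests are adjusted`, so the gap is tracked. The closing brace on the new side (`+}`) appears to have lost its indentation, which looks unintended. The constructor begins above this hunk.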
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
index a5e65c0..0ca6644 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
@@ -29,7 +29,6 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.KeyStore;
-import java.util.Arrays;
 import javax.net.ssl.SSLEngine;
@@ -58,20 +57,6 @@
 }
 @Test
- public void testSLOTH() throws Exception
- {
- cf.setKeyStorePassword("storepwd");
- cf.setKeyManagerPassword("keypwd");
-
- cf.start();
-
- System.err.println(Arrays.asList(cf.getSelectedProtocols()));
- for (String cipher : cf.getSelectedCipherSuites())
- System.err.println(cipher);
-
- }
-
- @Test
 public void testNoTsFileKs() throws Exception
 {
 cf.setKeyStorePassword("storepwd");