activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shlomos <>
Subject RE: Disabling SSLv3 in embedded web-console jetty
Date Mon, 13 Jul 2015 08:24:37 GMT
Thanks for the update, I’ve managed configuring it with a different approach , hope someone
will find it useful :


<bean id="SecureConnector" class="org.eclipse.jetty.server.ssl.SslSocketConnector">

<property name="port" value="8162"/>


<bean class="org.eclipse.jetty.http.ssl.SslContextFactory">

<property name="keyStore" value="file:${activemq.conf}/keystore.jks"/>

<property name="keyStorePassword" value="password"/>

<property name="protocol" value="TLSv1.2" />

<property name="ExcludeProtocols" value="SSLv3"/>

<property name="excludeCipherSuites">












From: christopher.l.shannon [via ActiveMQ] []
Sent: יום ה, 09 יולי 2015 15:32
To: Shlomi Avihou
Subject: Re: Disabling SSLv3 in embedded web-console jetty

If you are using JDK 8u31 or greater, SSLv3 is disabled by default.  The
typical way to disable a cipher is to use the addExcludeProtocols method on
the ssl context factory, such as:

I'm not sure if there is an easy way to do this with a websocket transport
right now but with the web console, you should be able to modify the
example xml to this:

<bean id="SecureConnector"
       <property name="port" value="8161" />
       <property name="keystore" value="some-path/ssl/server-keystore" />
       <property name="password" value="some-passsword" />
       <property name="excludeCipherSuites" value="SSLv3" />
You just need to add that excludeCipherSuites property.

On Thu, Jul 9, 2015 at 12:32 AM, shlomos <[hidden email]</user/SendEmail.jtp?type=node&node=4698892&i=0>>

> Have you found a solution for this case ?
> Thanks !!
> --
> View this message in context:
> Sent from the ActiveMQ - User mailing list archive at

If you reply to this email, your message will be added to the discussion below:
To unsubscribe from Disabling SSLv3 in embedded web-console jetty, click here<>.

View this message in context:
Sent from the ActiveMQ - User mailing list archive at
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message