I would like to disable cipher suites (list below) deemed weak by SSL Labs to pass their SSL test on a SparkJava server.
Ciphers to disable:
Spark version spark-core 2.5 (includes Jetty 9.3), Java 8.
There are no external configuration files for Spark and no mention in the documentation on how to do this properly without messing things up.
Could someone with the know-how please explain exactly what to do?
Assuming you are using the Sun JVM without any additional security providers, then Spark is using the JVM's Sun security provider for SSL/TLS - JSSE. You can disable specific algorithms by modifying JSSE's configuration file located at
Specifically you could do something like this:
jdk.tls.disabledAlgorithms=3DES, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
This totally disables Triple DES (3DES), which has been unsafe for quite a while. It also disables the specified ciphers.
EDIT: Note that the previous answer (AES keySize <= 128) was wrong. For some reason this does not eliminate the ciphers using AES_128. Instead the insecure ciphers have to be listed by their full name.
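A way to check whether a given `jdk.tls.disabledAlgorithms` entry actually removed the suites it was meant to, as an added example that is not part of the answer above. The class name `DisabledSuiteCheck` is hypothetical, and setting the property in code at startup instead of editing the file, and appending to the JDK's existing value rather than replacing it, are assumptions of this example.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical helper class, not part of Spark or Jetty.
public class DisabledSuiteCheck {
    static final String PROP = "jdk.tls.disabledAlgorithms";

    // Suites named in the answer's jdk.tls.disabledAlgorithms line.
    static final List<String> NAMED = Arrays.asList(
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");

    public static void main(String[] args) throws Exception {
        // Set the property before any SSLContext is created: JSSE reads it
        // when its classes initialise, so a later change has no effect.
        String current = Security.getProperty(PROP);
        String extra = "3DES, " + String.join(", ", NAMED);
        // Append to the JDK's shipped value so its defaults stay disabled.
        String merged = (current == null || current.trim().isEmpty())
            ? extra : current + ", " + extra;
        Security.setProperty(PROP, merged);

        // Suites a server-side engine would offer with the default context.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        String[] enabled = engine.getEnabledCipherSuites();

        // Anything listed here survived the setting and still needs attention.
        List<String> leftovers = new ArrayList<>();
        for (String suite : enabled) {
            if (NAMED.contains(suite) || suite.contains("_3DES_")) {
                leftovers.add(suite);
            }
        }

        System.out.println(PROP + " = " + merged);
        System.out.println("Enabled suites: " + enabled.length);
        for (String suite : enabled) {
            System.out.println("  " + suite);
        }
        System.out.println(leftovers.isEmpty()
            ? "OK: none of the targeted suites are enabled"
            : "STILL ENABLED: " + leftovers);
    }
}
```

Run it on the same JVM the server uses. An entry that has no effect, like the one described in the EDIT, shows up as suites still present in the enabled list.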