WonderfulWorld - 1 year ago 171
Java Question

Disable cipher suites on Jetty server within Spark

I would like to disable cipher suites (list below) deemed weak by SSL Labs to pass their SSL test on a SparkJava server.

Ciphers to disable:

Spark version spark-core 2.5 (includes Jetty 9.3), Java 8.

There are no external configuration files for Spark and no mention in the documentation on how to do this properly without messing things up.

Could someone with the know-how please explain exactly what to do?

Thank you.

Answer Source

Assuming you are using the Sun JVM without any additional security providers, then Spark is using the JVM's Sun security provider for SSL/TLS - JSSE. You can disable specific algorithms by modifying JSSE's configuration file located at jre/lib/security/java.security.

Specifically you could do something like this:


This totally disables Triple DES (3DES) which has been unsafe for quite a while. It also disables the specified ciphers.

EDIT: Note that the previous answer (AES keySize <= 128) was wrong. For some reason this does not eliminate the ciphers using AES_128. Instead the insecure ciphers have to be listed by their full name.
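A small verification program, added here and not part of the question, the answer, Spark or Jetty: it appends full cipher suite names to `jdk.tls.disabledAlgorithms` before any JSSE class is initialised (the same effect as editing `java.security`, since SunJSSE reads the property once) and then checks which blocklisted suites a fresh `SSLEngine` would still offer. The two suite names in `BLOCKLIST` are placeholders; substitute the ones SSL Labs flagged.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class DisabledCipherCheck {

    // Placeholder blocklist (assumed, not from the page): replace with the
    // suites SSL Labs reported, using the exact JDK names (Java 8 still uses
    // the SSL_ prefix for some suites, e.g. the 3DES one below).
    static final String[] BLOCKLIST = {
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
    };

    public static void main(String[] args) throws Exception {
        // Keep the JDK's own defaults (SSLv3, RC4, ...) and append the full
        // suite names; as the answer notes, "AES keySize <= 128" is not enough.
        String existing = Security.getProperty("jdk.tls.disabledAlgorithms");
        StringBuilder sb = new StringBuilder(existing == null ? "" : existing);
        for (String suite : BLOCKLIST) {
            if (sb.length() > 0) sb.append(", ");
            sb.append(suite);
        }
        // Must run before the first SSLContext/SSLEngine is created in this JVM.
        Security.setProperty("jdk.tls.disabledAlgorithms", sb.toString());

        List<String> leaked = stillEnabled(BLOCKLIST);
        if (leaked.isEmpty()) {
            System.out.println("OK: no blocklisted suite is negotiable");
        } else {
            System.out.println("STILL ENABLED: " + leaked);
            System.exit(1);
        }
    }

    /** Returns the blocklisted suites a fresh SSLEngine would still enable. */
    static List<String> stillEnabled(String[] blocklist) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);               // default key/trust managers
        SSLEngine engine = ctx.createSSLEngine();
        List<String> enabled = Arrays.asList(engine.getEnabledCipherSuites());
        List<String> leaked = new ArrayList<>();
        for (String s : blocklist) {
            if (enabled.contains(s)) leaked.add(s);
        }
        return leaked;
    }
}
```

Because the property is JVM-wide, Jetty's `SslContextFactory` inside Spark inherits the same restriction; running this check with the same JVM and `java.security` edits as the server confirms the list was actually honoured.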