Subsonic Forum

[gingerbeast121]

Hi all.

I am a long time user of Subsonic but a first time forum poster!

I was wondering if anyone knew how to disable specific cipher suites in Jetty - this is more of a 'can it be done in jetty' topic out of pure interest! I know this can easily be achieved by using Apache etc as a reverse proxy ...but ...

I have read that you can configiure a SslSocketConnector and then define excludeCipherSuites or includeCipherSuites properties but I am not sure where to set this.

I wonder if anyone has been able to do this?

Thanks guys!

[gingerbeast121]

To kind of answer my own question - I don't believe this is possible with the current version of jetty that is included with Subsonic.

Specifically excludeCipherSuites and includeCipherSuites were introduced in Jetty 7 and Subsonic uses Jetty v6. Of course if Sindre wants to up the Jetty version to the latest and greatest that would be excellent , but as the 'risks' are mitigated but using a reverse proxy anyway this isn't probably high priority!

I ended up grabbing a 3rd party reverse proxy (Sophos UTM) and using that to publish Subsonic but others have used Apache etc.

[machbach]

nginx on openbsd as a reverse proxy. chacha20poly1305 makes a great stream cipher for ios/android devices. grab an ec key from comodo, just make sure dhparams/edch curve are setup properly. pm me if you have any Qs.