Privilege prevention of attacks and other security risks

Question

Privilege prevention of attacks and other security risks

I have a Jetty server (9.2.4) and tested it with SSL Labs Vulnerability Assessment Tool. One of them concluded: "Avoiding failover failures: No, TLS_FALLBACK_SCSV is not supported." Are there any settings I can use to enable this?

Jetty Server is built in.

+3

security jetty jetty-9

Philippe bertrand Dec 11. '14 at 21:30

source to share

1 answer

Hristo · Answer 1 · 2015-07-05T22:31:12+0000

I have the same question and posted to ServerFault:

https://serverfault.com/questions/700601/jetty-9-support-for-tls-fallback-scsv

There is only 1 answer at the moment (7/5/2015) and the answer is that Java doesn't support it yet. There is an open ticket for this:

JDK-8061798 - Add TLS_FALLBACK_SCSV Support

Privilege prevention of attacks and other security risks

More articles: