Lukasz Pater added a comment - 15/Oct/2014 3:40 PM There is a workaround, to allow configuring your own Jetty connector, instead of using FishEye's, which allows you to configure your own protocol and cipher suite exclusions. To do so, you can create a jetty-web.xml in your FISHEYE_HOME/content/WEB-INF directory. Below is a sample that will configure a new SSL connector, with SSLv3 disabled: <?xml version= "1.0" encoding= "ISO-8859-1" ?> <!DOCTYPE Configure PUBLIC "- //Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure.dtd" > <Configure class= "org.eclipse.jetty.webapp.WebAppContext" > <Get name= "server" > <Call name= "addConnector" > <Arg> <New class= "org.eclipse.jetty.server.ssl.SslSocketConnector" > <Set name= "keystore" >/path/to/keystore</Set> <Set name= "password" >keystorepassword</Set> <Set name= "Port" >8443</Set> <Get name= "sslContextFactory" > <Set name= "excludeProtocols" > <Array type= "java.lang. String " > <Item>SSLv3</Item> </Array> </Set> </Get> </New> </Arg> </Call> </Get> </Configure> If configured correctly you should see a similar message in the logs after server startup: 2014-10-15 17:33:39,614 INFO [main ] org.eclipse.jetty.util.ssl.SslContextFactory SslContextFactory-doStart - Enabled Protocols [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2] Note that this connector is completely separate from those set in the UI. You might want to disable/restrict the binds (for example set them to localhost:portnumber to disallow remote connections) on the UI-set connectors if using a custom connector like this. See also https://confluence.atlassian.com/display/FISHEYE035/Configuring+SSL+cipher+suites+for+Jetty for more details, and https://wiki.eclipse.org/Jetty/Howto/Configure_SSL for available configuration options.