There is a workaround, to allow configuring your own Jetty connector, instead of using FishEye's, which allows you to configure your own protocol and cipher suite exclusions.
To do so, you can create a jetty-web.xml in your FISHEYE_HOME/content/WEB-INF directory.
Below is a sample that will configure a new SSL connector, with SSLv3 disabled:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "- "http://www.eclipse.org/jetty/configure.dtd" >
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="server">
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
<Set name="keystore">/path/to/keystore</Set>
<Set name="password">keystorepassword</Set>
<Set name="Port">8443</Set>
<Get name="sslContextFactory">
<Set name="excludeProtocols">
<Array type="java.lang.String">
<Item>SSLv3</Item>
</Array>
</Set>
</Get>
</New>
</Arg>
</Call>
</Get>
</Configure>
If configured correctly you should see a similar message in the logs after server startup:
2014-10-15 17:33:39,614 INFO [main ] org.eclipse.jetty.util.ssl.SslContextFactory SslContextFactory-doStart - Enabled Protocols [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
Note that this connector is completely separate from those set in the UI. You might want to disable/restrict the binds (for example set them to localhost:portnumber to disallow remote connections) on the UI-set connectors if using a custom connector like this.
See also https://confluence.atlassian.com/display/FISHEYE035/Configuring+SSL+cipher+suites+for+Jetty for more details, and https://wiki.eclipse.org/Jetty/Howto/Configure_SSL for available configuration options.
There is a workaround, to allow configuring your own Jetty connector, instead of using FishEye's, which allows you to configure your own protocol and cipher suite exclusions.
To do so, you can create a jetty-web.xml in your FISHEYE_HOME/content/WEB-INF directory.
Below is a sample that will configure a new SSL connector, with SSLv3 disabled:
If configured correctly you should see a similar message in the logs after server startup:
Note that this connector is completely separate from those set in the UI. You might want to disable/restrict the binds (for example set them to localhost:portnumber to disallow remote connections) on the UI-set connectors if using a custom connector like this.
See also https://confluence.atlassian.com/display/FISHEYE035/Configuring+SSL+cipher+suites+for+Jetty for more details, and https://wiki.eclipse.org/Jetty/Howto/Configure_SSL for available configuration options.