Allow SSL cipher suites to be configured, preferably in the administration panel but at a minimum by editing the config.xml. Currently we are relying on the default cipher suites for jetty which includes some outdated ones that are considered insecure these days.

      See configuring cipher suites

      It looks like a change needs to be made in com.cenqua.fisheye.web.WebServer, where we set up the SslContextFactory. We need to call setIncludeCipherSuites to provide a list of cipher suites.

              Unassigned Unassigned
              rstephens Richard Stephens (Inactive)
              Affected customers:
              1 This affects my team
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: