Merge pull request #226 from janbrasna/fix/jetty-tls13-ciphersuites

Fix Jetty `intermediate`/`old` configs for TLSv1.3-only clients
mozilla · Oct 8, 2024 · 79d7131 · 79d7131
2 parents 46f5838 + 00a5150
commit 79d7131
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/src/js/configs.js b/src/js/configs.js
@@ -88,7 +88,7 @@ module.exports = {
   jetty: {
     cipherFormat: 'iana',
     highlighter: 'xml',
-    latestVersion: '9.4.28',
+    latestVersion: '12.0.12',
     name: 'Jetty',
     supportsHsts: false,
     supportsOcspStapling: false,

diff --git a/src/templates/partials/jetty.hbs b/src/templates/partials/jetty.hbs
@@ -6,7 +6,7 @@
     <Property name="jetty.sslContext.keyStorePath" default="/path/to/key_store" />
   </Set>
 
-  <!-- TLS 1.3 requires Java 11 or higher -->
+  {{#if (includes "TLSv1.3" output.protocols)}}<!-- TLSv1.3 requires Java 11 or higher -->{{/if}}
   <Set name="IncludeProtocols">
     <Array type="String">
       {{#each output.protocols}}
@@ -18,6 +18,11 @@
 {{#if output.ciphers.length}}
   <Set name="IncludeCipherSuites">
     <Array type="String">
+  {{#if (includes "TLSv1.3" output.protocols)}}
+    {{#each output.cipherSuites}}
+      <Item>{{this}}</Item>
+    {{/each}}
+  {{/if}}
   {{#each output.ciphers}}
       <Item>{{this}}</Item>
   {{/each}}
@@ -28,4 +33,4 @@
   <Set name="useCipherSuitesOrder">
     <Property name="jetty.sslContext.useCipherSuitesOrder" default="{{#if output.serverPreferredOrder}}true{{else}}false{{/if}}" />
   </Set>
-</Configure>
+</Configure>