Good list of weak cipher suites for Java

Question

I\'m running a server that requires a blacklist of weak cipher suites.

So which of the following are weak? http://java.sun.com/javase/6/docs/technotes/guides/securit

Answer 1

Versions after 7.0.2 of Jetty now include a whitelist feature for cipher suites. Just add a section to your etc/jetty-ssl.xml like the following:

  
    
      
        
        8443
        30000
        2
        100

        
        
          
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA
            SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
            TLS_RSA_WITH_AES_128_CBC_SHA
            SSL_RSA_WITH_3DES_EDE_CBC_SHA

            TLS_DHE_DSS_WITH_AES_128_CBC_SHA
            SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
          
        
      
    
  

Doing so will automatically blacklist any cipher suites that aren't listed in this section.