Why do you need to exclude the bad ones? Why not only include the good ones?

为什么你需要排除坏的？为什么不只包括好的？

For starters, I'd follow the NSA Suite Bguidelines, specifically RFC 5430

首先，我会遵循NSA Suite B指南，特别是RFC 5430

Versions after 7.0.2of Jetty now include a whitelist feature for cipher suites. Just add a section to your etc/jetty-ssl.xml like the following:

Jetty 7.0.2 之后的版本现在包括密码套件的白名单功能。只需在您的 etc/jetty-ssl.xml 中添加一个部分，如下所示：

  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
        <Arg><Ref id="sslContextFactory" /></Arg>
        <Set name="Port">8443</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="Acceptors">2</Set>
        <Set name="AcceptQueueSize">100</Set>

        <!--you can enable cipher suites in the following section. -->
        <Set name="IncludeCipherSuites">
          <Array type="java.lang.String">
            <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
            <Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
            <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
            <Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item>

            <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
            <Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
          </Array>
        </Set>
      </New>
    </Arg>
  </Call>

Doing so will automatically blacklist any cipher suites that aren't listed in this section.

这样做会自动将本节中未列出的任何密码套件列入黑名单。

Pretty sure Jetty is blacklist.

很确定 Jetty 是黑名单。

• http://docs.codehaus.org/display/JETTY/SSL+Cipher+Suites
• http://jira.codehaus.org/browse/JETTY-1164<-- I'm using slightly older version lol

• http://docs.codehaus.org/display/JETTY/SSL+Cipher+Suites
• http://jira.codehaus.org/browse/JETTY-1164<-- 我使用的是稍旧的版本，哈哈

Anyways my issue is solved. Thanks

反正我的问题解决了。谢谢