Disabling Specific Ciphers In Jenkins

Bee Bot
July 13, 2022 10:54 Updated

The content of this article has moved to the new documentation site.

Comments

Steven Christenson
November 02, 2017 18:52 Edited

From a guess-and-fail strategy, I discovered that the following java.security settings worked well. However, the java.security file, which is normally owned by root, must have read permission for ALL or it does not get used. When the permissions are incorrect, or there is a misconfiguration, since Jenkins 2.7x Firefox was reporting "no overlapping cyphers" and failing to connect. Note that I commented out the "jdk.tls.legacyAlgorithms" as it really doesn't make sense to allow them to be used at all if you're trying to be secure.

    jdk.tls.disabledAlgorithms=RC4, DES-CBC3-SHA keySize < 256, SSLv3, DSA, RSA keySize < 2048
    # jdk.tls.legacyAlgorithms= \
    # K_NULL, C_NULL, M_NULL, \
    # DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
    # DH_RSA_EXPORT, RSA_EXPORT, \
    # DH_anon, ECDH_anon, \
    # RC4_128, RC4_40, DES_CBC, DES40_CBC
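
A check for the two failure modes the comment above describes: a java.security file that is not readable by all, and a TLS policy that did not end up as intended. This is an added example, not part of the original article or comment; the function names and the `required` policy (RC4, SSLv3) are assumptions, and the parser handles only `key=value` lines.

```python
import os
import stat

# Constructed sample: the settings from the comment above (legacy list abridged).
SAMPLE = """\
jdk.tls.disabledAlgorithms=RC4, DES-CBC3-SHA keySize < 256, SSLv3, DSA, RSA keySize < 2048
# jdk.tls.legacyAlgorithms= \\
# K_NULL, C_NULL, M_NULL, \\
# RC4_128, RC4_40, DES_CBC, DES40_CBC
"""

def parse_props(text):
    """Parse key=value lines with '#'/'!' comments and backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # a comment line is dropped whole, trailing '\' included
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def audit(text, mode, required=("RC4", "SSLv3")):
    """Return findings for file content `text` with permission bits `mode`.
    `required` is an assumed policy, not something the article specifies."""
    findings = []
    if not mode & stat.S_IROTH:
        findings.append("not readable by all (mode %o)" % mode)
    props = parse_props(text)
    entries = props.get("jdk.tls.disabledAlgorithms", "").split(",")
    names = {e.split()[0] for e in entries if e.strip()}
    findings += ["%s not disabled" % n for n in required if n not in names]
    if "jdk.tls.legacyAlgorithms" in props:
        findings.append("jdk.tls.legacyAlgorithms is set")
    return findings

def audit_file(path):
    """Audit a java.security file on disk (path supplied by the caller)."""
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print(audit(SAMPLE, 0o600))  # file as root-only
    print(audit(SAMPLE, 0o644))  # file readable by all
```

Call `audit_file` with the path of the java.security file used by the JVM that starts Jenkins; an empty list means both checks passed.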