It was not successful.
I added the environment variable ‘CRYPTO_POLICY: “unlimited”’
I confirmend it
root@marvin:/openhab# cat /usr/lib/jvm/java-17-openjdk-amd64/conf/security/java.security | grep crypto.policy
# The default setting is determined by the value of the "crypto.policy"
# The "crypto.policy" security property points to a subdirectory
crypto.policy=unlimited
but still getting
marvin:~ # tail -n 2000 /smartserver/var/log/openhab/openhab.log | grep "SslContextFactory"
2024-08-17 08:56:42.938 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Trusting all certificates configured for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.941 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - No Client EndPointIdentificationAlgorithm configured for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.944 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.945 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.947 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.949 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.951 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.953 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_DHE_DSS_WITH_AES_256_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.955 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.962 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_DHE_DSS_WITH_AES_128_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.964 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.965 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.967 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.977 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.978 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.980 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_RSA_WITH_AES_128_GCM_SHA256 enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.982 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.984 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256 enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.986 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.988 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.995 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
2024-08-17 08:56:42.996 [WARN ] [rg.eclipse.jetty.util.ssl.SslContextFactory.config] - Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA enabled for Client@42eb49ba[provider=null,keyStore=null,trustStore=null]
I added also the following setting to /openhab/runtime/etc/jetty.xml, but without success
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_RSA_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_RSA_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_RSA_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
</Array>
</Set>
<Set name="KeyStorePath">....