azkaban-developers

Merge pull request #502 from nomorogbe/exclude-logjam-ciphers Issue

11/9/2015 4:54:46 PM


diff --git a/azkaban-webserver/src/main/java/azkaban/webapp/AzkabanWebServer.java b/azkaban-webserver/src/main/java/azkaban/webapp/AzkabanWebServer.java
index b5b8d0e..89dea03 100644
--- a/azkaban-webserver/src/main/java/azkaban/webapp/AzkabanWebServer.java
+++ b/azkaban-webserver/src/main/java/azkaban/webapp/AzkabanWebServer.java
@@ -709,6 +709,13 @@ public class AzkabanWebServer extends AzkabanServer {
           .getString("jetty.trustpassword"));
       secureConnector.setHeaderBufferSize(MAX_HEADER_BUFFER_SIZE);
 
+      // set up vulnerable cipher suites to exclude
+      List<String> cipherSuitesToExclude = azkabanSettings.getStringList("jetty.excludeCipherSuites");
+      logger.info("Excluded Cipher Suites: " + String.valueOf(cipherSuitesToExclude));
+      if (cipherSuitesToExclude != null && !cipherSuitesToExclude.isEmpty()) {
+        secureConnector.setExcludeCipherSuites(cipherSuitesToExclude.toArray(new String[0]));
+      }
+
       server.addConnector(secureConnector);
     } else {
       ssl = false;
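Review bot: When `jetty.excludeCipherSuites` is missing or empty, the added block skips `setExcludeCipherSuites`, so the connector keeps every suite the JVM and Jetty enable by default; a deployment upgraded with an older azkaban.properties gets no exclusions. The only trace is the info line, which would print an empty list or `null`. I would add an else branch that makes this visible, e.g. `logger.warn("jetty.excludeCipherSuites is not set; no SSL cipher suites are excluded");`, or fall back to a built-in default list. It is also worth confirming that `getStringList` trims whitespace around the commas (its splitting is not visible here), because a name with a stray space would match no suite and be ignored without error. The enclosing method starts and ends outside this hunk.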
diff --git a/azkaban-webserver/src/package/conf/azkaban.properties b/azkaban-webserver/src/package/conf/azkaban.properties
index 609a917..a89a46a 100644
--- a/azkaban-webserver/src/package/conf/azkaban.properties
+++ b/azkaban-webserver/src/package/conf/azkaban.properties
@@ -34,6 +34,7 @@ jetty.password=password
 jetty.keypassword=password
 jetty.truststore=keystore
 jetty.trustpassword=password
+jetty.excludeCipherSuites=SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA
 
 # Azkaban Executor settings
 executor.port=12321
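Review bot: The new `jetty.excludeCipherSuites` line has no comment saying why these suites are listed, and as a deny-list it leaves every suite it does not name enabled. The visible list covers single-DES, export and all DHE suites (consistent with the Logjam branch name), but it does not name the 128-bit RC4 suites or `SSL_RSA_WITH_3DES_EDE_CBC_SHA`. Whether those are enabled depends on the JVM, so the effective suite list should be checked on the deployed runtime. I would add a comment above the property such as `# Cipher suites rejected by the SSL connector: DES/export suites and all DHE suites (Logjam). Comma-separated JSSE names.`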