Fix SSL cipher configuration with Jetty 9.3

Previously, if a list of ciphers were configured, the default excludes
were still applied. Prior to Jetty 9.3, there were no default exclude but
Jetty 9.3 introduced some and they override the includes.

This commit makes sure that the exclude ciphers are cleared if at least
one cipher is explicitly configured.

Closes spring-projectsgh-6041

spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java

@@ -75,6 +75,7 @@
 import org.springframework.core.io.ResourceLoader;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
+import org.springframework.util.ObjectUtils;
 import org.springframework.util.ReflectionUtils;
 import org.springframework.util.ResourceUtils;
 import org.springframework.util.StringUtils;
@@ -250,8 +251,9 @@ protected void configureSsl(SslContextFactory factory, Ssl ssl) {
 		configureSslClientAuth(factory, ssl);
 		configureSslPasswords(factory, ssl);
 		factory.setCertAlias(ssl.getKeyAlias());
-		if (ssl.getCiphers() != null) {
+		if (!ObjectUtils.isEmpty(ssl.getCiphers() != null)) {
 			factory.setIncludeCipherSuites(ssl.getCiphers());
+			factory.setExcludeCipherSuites();
 		}
 		if (ssl.getEnabledProtocols() != null) {
 			factory.setIncludeProtocols(ssl.getEnabledProtocols());

spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java

@@ -136,6 +136,8 @@ public void sslCiphersConfiguration() throws Exception {
 				.getConnectionFactory(SslConnectionFactory.class);
 		assertThat(connectionFactory.getSslContextFactory().getIncludeCipherSuites())
 				.containsExactly("ALPHA", "BRAVO", "CHARLIE");
+		assertThat(connectionFactory.getSslContextFactory()
+				.getExcludeCipherSuites()).isEmpty();
 	}
 
 	@Override