During penetration testing of the software, one of the findings is that obsolete CBC ciphers are in use on the Jetty web server of the Connector server on port 20443.
Is it possible to remove them from the Jetty web server?
The scan reports the old Jetty versions in the CA software:
20080/tcp open http syn-ack ttl 127 Jetty 6.1.x (Web Console HTTP Port)
20443/tcp open ssl/http syn-ack ttl 127 Jetty 6.1.x (Web Console HTTPS Port)
22001/tcp open http syn-ack ttl 127 Jetty 7.2.2.v20101205 (Broker HTTP Port)
22002/tcp open ssl/http syn-ack ttl 127 Jetty 7.2.2.v20101205 (Broker HTTPS Port)
IDM 14.5.1
Reported CVEs were addressed in Jetty versions 7-12.
The ServiceMix component used in v14.5 has reached its End of Life (EOL). Due to library dependencies and tight coupling within that ServiceMix architecture, we cannot upgrade the Jetty libraries in isolation.
In fact, these dependency constraints were the primary driver for our architectural decision to completely remove ServiceMix in v15.
We cannot perform any further library upgrades on the v14.5 ServiceMix layer. The only supported path to remediate these findings is for the customer to migrate to v15 as soon as possible.