FYI, since this impacts two config files that the user is "not supposed to mess with", associated with the MSI installed Jetty (still impacts 126.96.36.199) on Windows. Your default config for 'excludeProtocols' in the files:
is "incorrect", in that it has:
<Item>SSL SSLv2 SSLv3</Item>
whereas it should have:
I believe with your current config it is looking for a protocol named 'SSL SSLv2 SSLv3', which, of course, doesn't exist. The fact that those SSL protocols are disabled must be due to other default config in Jetty, not to do with your config.
p.s. We discovered this when trying to add 'TLSv1' to that list, recognizing that we aren't supposed to touch those files. Looking in the Linux distribution of the IdP, it looks like you have the correct syntax, in the file embedded/jetty-base/etc/jetty.xml, although it only explicitly lists SSLv3.