Difference between revisions of "Jetty/Howto/Configure SSL Connectors"
(New page: {{Jetty Howto | introduction = An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class t...) |
m (Formatting for XML snippet was messed up.) |
||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
{{Jetty Howto | {{Jetty Howto | ||
| introduction = | | introduction = | ||
+ | |||
+ | {{note|Note: This method of configuring SSL connectors is deprecated as of Jetty 7.3.1. For current information, refer to [[/Jetty/Reference/SSL_Connectors|Configuring Jetty Connectors]].}} | ||
+ | |||
An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector". | An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector". | ||
<source lang="XML"> | <source lang="XML"> | ||
− | + | <Call name="addConnector"> | |
− | + | <Arg> | |
− | + | <New class="org.eclipse.jetty.server.ssl.SslSocketConnector"> | |
− | + | <Set name="Port">8443</Set> | |
− | + | <Set name="maxIdleTime">30000</Set> | |
− | + | <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set> | |
− | + | <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> | |
− | + | <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set> | |
− | + | <Set name="truststore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set> | |
− | + | <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> | |
− | + | </New> | |
− | + | </Arg> | |
− | + | </Call> | |
− | + | ||
</source> | </source> |
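Review bot: The link in the added deprecation note, "[[/Jetty/Reference/SSL_Connectors|Configuring Jetty Connectors]]", starts with a slash, so MediaWiki resolves it relative to the current page (as a subpage of Jetty/Howto/Configure SSL Connectors) instead of the top-level Jetty/Reference/SSL_Connectors page; drop the leading slash. In the re-added XML, "Port" is capitalized while "maxIdleTime" and "keystore" are not; lower-case it so the property names are consistent.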
Latest revision as of 00:35, 10 June 2011
Introduction
An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way; just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector".
<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
      <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
      <Set name="truststore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
      <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    </New>
  </Arg>
</Call>
If no value is set for "truststore", the connector uses the "keystore" value. Passwords can be obfuscated by running org.mortbay.util.Password as a main class.
Other properties which can be set for SslSocketConnector/SslSelectChannelConnector are:
- keystoreType - default value: "JKS"
- trustStoreType - default value: "JKS"
- sslKeyManagerFactoryAlgorithm - set to the value of the "ssl.KeyManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
- sslTrustManagerFactoryAlgorithm - set to the value of the "ssl.TrustManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
- secureRandomAlgorithm - default value is null
- provider - defaults to the SunJSSE provider
- protocol - default value is "TLS"
- excludeCipherSuites - see SSL Cipher Suites (/display/JETTY/SSL+Cipher+Suites)
Reference: http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE
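An added example, not part of the original wiki page or of Jetty's own tooling: a small Python audit of the connector XML shown above. The rule names are this example's own. It relies on the deprecation note quoted on this page and on the fact that OBF: values are reversible obfuscation rather than encryption, so the file needs the same protection as one holding cleartext passwords.

```python
import xml.etree.ElementTree as ET

# Constructed input: the connector block from this page (port and timeout settings omitted).
SAMPLE = """
<Call name="addConnector"><Arg>
  <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
    <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
    <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
    <Set name="truststore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
    <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
  </New>
</Arg></Call>
"""
SSL_CONNECTORS = {"org.eclipse.jetty.server.ssl.SslSocketConnector",
                  "org.eclipse.jetty.server.ssl.SslSelectChannelConnector"}
SECRETS = ("password", "keyPassword", "trustPassword")

def set_value(elem):
    """Flatten a <Set>: literal text, with each <SystemProperty> shown as ${name}."""
    parts = [elem.text or ""]
    for child in elem:
        if child.tag == "SystemProperty":
            parts.append("${%s}" % child.get("name"))
        parts.append(child.tail or "")
    return "".join(parts).strip()

def audit(xml_text):
    """Return (rule, detail) findings for each legacy SSL connector in the XML."""
    findings = []
    for new in ET.fromstring(xml_text).iter("New"):
        if new.get("class") not in SSL_CONNECTORS:
            continue
        props = {s.get("name"): set_value(s) for s in new.findall("Set")}
        findings.append(("deprecated-config", new.get("class")))  # page note: Jetty 7.3.1
        for name in SECRETS:
            if name in props:
                # OBF: can be reversed, so both forms expose the secret to anyone who can read the file.
                rule = "obfuscated-secret" if props[name].startswith("OBF:") else "cleartext-secret"
                findings.append((rule, name))
        # The page states that an unset truststore falls back to the keystore value.
        if props.get("truststore", props.get("keystore")) == props.get("keystore"):
            findings.append(("truststore-is-keystore", props.get("keystore")))
        if "password" in props and props.get("trustPassword") == props["password"]:
            findings.append(("secret-reuse", "password/trustPassword"))
        if "excludeCipherSuites" not in props:
            findings.append(("no-cipher-exclusions", "excludeCipherSuites unset"))
    return findings

print(*audit(SAMPLE), sep="\n")
```

Each finding is a prompt for review rather than a verdict: restrict read access to the XML file, consider separate key and trust stores, and set excludeCipherSuites deliberately.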