Difference between revisions of "Jetty/Howto/Configure SSL Connectors"

(New page: {{Jetty Howto | introduction = An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class t...)
 
m (Formatting for XML snippet was messed up.)
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
 
{{Jetty Howto
 
{{Jetty Howto
 
| introduction =  
 
| introduction =  
 +
 +
{{note|Note: This method of configuring SSL connectors is deprecated as of Jetty 7.3.1. For current information, refer to [[/Jetty/Reference/SSL_Connectors|Configuring Jetty Connectors]].}}
 +
 
An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector".
 
An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector".
  
 
<source lang="XML">
 
<source lang="XML">
  
+
<Call name="addConnector">
<Call name=eclipse"addConnector"eclipse>
+
  <Arg>
    <Arg>
+
    <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
      <New class=eclipse"org.eclipse.jetty.server.ssl.SslSocketConnector"eclipse>
+
      <Set name="Port">8443</Set>
        <Set name=eclipse"Port"eclipse>8443</Set>
+
      <Set name="maxIdleTime">30000</Set>
        <Set name=eclipse"maxIdleTime"eclipse>30000</Set>
+
      <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
        <Set name=eclipse"keystore"eclipse><SystemProperty name=eclipse"jetty.home"eclipse eclipsedefaulteclipse<nowiki>=</nowiki>eclipse"."eclipse />/etc/keystore</Set>
+
      <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
        <Set name=eclipse"password"eclipse>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
+
      <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
        <Set name=eclipse"keyPassword"eclipse>OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
+
      <Set name="truststore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
        <Set name=eclipse"truststore"eclipse><SystemProperty name=eclipse"jetty.home"eclipse eclipsedefaulteclipse<nowiki>=</nowiki>eclipse"."eclipse />/etc/keystore</Set>
+
      <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
        <Set name=eclipse"trustPassword"eclipse>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
+
    </New>
      </New>
+
  </Arg>
    </Arg>
+
</Call>
  </Call>
+
  
 
</source>
 
</source>
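
Review bot: the link in the added note, [[/Jetty/Reference/SSL_Connectors|Configuring Jetty Connectors]], starts with a slash, which MediaWiki treats as a subpage of the current page when subpages are enabled, so it would not point at the top-level Jetty/Reference/SSL_Connectors page; drop the leading slash. Separately, the corrected snippet keeps OBF: values for password, keyPassword and trustPassword with no comment on what that form provides; OBF: is reversible obfuscation, and a sentence saying so next to the example would stop readers from treating it as encryption.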

Latest revision as of 00:35, 10 June 2011



Introduction

Note: This method of configuring SSL connectors is deprecated as of Jetty 7.3.1. For current information, refer to Configuring Jetty Connectors.


An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way: just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector".

<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
      <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
      <Set name="truststore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
      <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    </New>
  </Arg>
</Call>

If no value is set for "truststore", the connector uses the "keystore" value. Passwords can be obfuscated by running org.mortbay.util.Password as a main class.

Other properties which can be set for SslSocketConnector/SslSelectChannelConnector are:

  • keystoreType - default value: "JKS"
  • trustStoreType - default value: "JKS"
  • sslKeyManagerFactoryAlgorithm - set to the value of the "ssl.KeyManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
  • sslTrustManagerFactoryAlgorithm - set to the value of the "ssl.TrustManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
  • secureRandomAlgorithm - default value is null
  • provider - defaults to the SunJSSE provider
  • protocol - default value is "TLS"
  • excludeCipherSuites - see SSL Cipher Suites (/display/JETTY/SSL+Cipher+Suites)

Reference: http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE
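
As an added example (not part of the original wiki page or of the Jetty project), the Python script below audits a connector block like the one above for the points this page touches on: the deprecated connector classes, OBF: or plaintext passwords, a truststore that is the same file as the keystore, and a missing excludeCipherSuites. The finding names and the audit() and value() helpers are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the connector from this page, without Port and maxIdleTime.
SAMPLE = """<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
      <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
      <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
      <Set name="truststore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
      <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    </New>
  </Arg>
</Call>"""

SECRETS = {"password", "keyPassword", "trustPassword"}
SSL_CONNECTORS = ("SslSocketConnector", "SslSelectChannelConnector")

def value(el):
    """Text of a <Set>, rendering each <SystemProperty name="x"/> child as ${x}."""
    parts = [el.text or ""]
    for child in el:
        parts += ["${%s}" % child.get("name", "?"), child.tail or ""]
    return "".join(parts).strip()

def audit(xml_text):
    """Return sorted (finding, detail) pairs for every SSL connector in xml_text."""
    findings = set()
    for new in ET.fromstring(xml_text).iter("New"):
        cls = new.get("class", "").rsplit(".", 1)[-1]
        if cls not in SSL_CONNECTORS:
            continue
        findings.add(("deprecated-connector", cls))  # per the page: deprecated as of 7.3.1
        # Jetty upper-cases the first letter of name to find the setter, so normalise it.
        props = {s.get("name", "")[:1].lower() + s.get("name", "")[1:]: value(s)
                 for s in new.findall("Set")}
        for name in SECRETS & props.keys():
            # OBF: is reversible obfuscation, so the file itself must be access-controlled.
            kind = "obfuscated-secret" if props[name].startswith("OBF:") else "plaintext-secret"
            findings.add((kind, name))
        keystore = props.get("keystore")
        if keystore and props.get("truststore", keystore) == keystore:  # unset truststore falls back to keystore
            findings.add(("shared-key-and-trust-store", keystore))
        if "excludeCipherSuites" not in props:
            findings.add(("no-cipher-exclusions", cls))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```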
