Difference between revisions of "Jetty/Howto/Configure SSL Connectors"
Revision as of 17:00, 18 May 2011
Introduction
An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way: just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector".
<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
      <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
      <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    </New>
  </Arg>
</Call>
If "truststore" has no value, the connector uses the "keystore" value. You can obfuscate passwords by running org.mortbay.util.Password as a main class.
Other properties which can be set for SslSocketConnector/SslSelectChannelConnector are:
- keystoreType - default value: "JKS"
- trustStoreType - default value: "JKS"
- sslKeyManagerFactoryAlgorithm - set to the value of the "ssl.KeyManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
- sslTrustManagerFactoryAlgorithm - set to the value of the "ssl.TrustManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
- secureRandomAlgorithm - default value is null
- provider - defaults to the SunJSSE provider
- protocol - default value is "TLS"
- excludeCipherSuites - see SSL Cipher Suites (/display/JETTY/SSL+Cipher+Suites)
Reference: http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE
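The following Python script is an added example, not part of the original wiki page or the Jetty project. It reads a connector definition like the one above and reports how each password is stored, whether the truststore falls back to the keystore as described, and whether excludeCipherSuites is set. The sample XML (including the plaintext keyPassword value) and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample based on the page's connector: keyPassword is a made-up
# plaintext value and "truststore" is omitted to exercise the fallback rule.
SAMPLE = """<Call name="addConnector"><Arg>
  <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
    <Set name="Port">8443</Set>
    <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
    <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    <Set name="keyPassword">example-plaintext</Set>
  </New>
</Arg></Call>"""

PASSWORD_PROPS = ("password", "keyPassword", "trustPassword")

def connector_settings(xml_text):
    """Map each <Set> under an SSL connector <New> to its flattened text value."""
    cfg = {}
    for new in ET.fromstring(xml_text).iter("New"):
        if not new.get("class", "").startswith("org.eclipse.jetty.server.ssl."):
            continue
        for s in new.findall("Set"):
            # Element text plus the tail text after children such as <SystemProperty/>.
            value = (s.text or "") + "".join(
                "${%s}" % c.get("name", c.tag) + (c.tail or "") for c in s)
            name = s.get("name", "")
            # Jetty XML upper-cases the first letter to find the setter,
            # so "Port" and "port" name the same property.
            cfg[name[:1].lower() + name[1:]] = value.strip()
    return cfg

def audit(xml_text):
    """Return (property, finding) pairs for a reviewer to look at."""
    cfg = connector_settings(xml_text)
    findings = []
    for prop in PASSWORD_PROPS:
        if prop in cfg:
            # OBF: is reversible obfuscation, so the file still needs tight permissions.
            kind = "obfuscated" if cfg[prop].startswith("OBF:") else "plaintext"
            findings.append((prop, kind))
    # Fallback stated on the page: no truststore value means the keystore is used.
    if cfg.get("truststore", cfg.get("keystore")) == cfg.get("keystore"):
        findings.append(("truststore", "same file as keystore"))
    if "excludeCipherSuites" not in cfg:
        findings.append(("excludeCipherSuites", "not set"))
    return findings

if __name__ == "__main__":
    for prop, finding in audit(SAMPLE):
        print(f"{prop}: {finding}")
```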