Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

Difference between revisions of "Jetty/Howto/Configure SSL Connectors"

< Jetty‎ | Howto
(New page: {{Jetty Howto | introduction = An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class t...)
(No difference)

Revision as of 17:00, 18 May 2011



Introduction

An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector". 

 
 <Call name=eclipse"addConnector"eclipse>
     <Arg>
       <New class=eclipse"org.eclipse.jetty.server.ssl.SslSocketConnector"eclipse>
         <Set name=eclipse"Port"eclipse>8443</Set>
         <Set name=eclipse"maxIdleTime"eclipse>30000</Set>
         <Set name=eclipse"keystore"eclipse><SystemProperty name=eclipse"jetty.home"eclipse eclipsedefaulteclipse<nowiki>=</nowiki>eclipse"."eclipse />/etc/keystore</Set>
         <Set name=eclipse"password"eclipse>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
         <Set name=eclipse"keyPassword"eclipse>OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
         <Set name=eclipse"truststore"eclipse><SystemProperty name=eclipse"jetty.home"eclipse eclipsedefaulteclipse<nowiki>=</nowiki>eclipse"."eclipse />/etc/keystore</Set>
         <Set name=eclipse"trustPassword"eclipse>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
       </New>
     </Arg>
   </Call>

If there is no value for the "truststore", it will use the "keystore" value. Passwords can be obfuscated by running org.mortbay.util.Password as a main class.

Other properties which can be set for SslSocketConnector/SslSelectChannelConnector are:

  • keystoreType - default value: "JKS"
  • trustStoreType - default value: "JKS"
  • sslKeyManagerFactoryAlgorithm - set to the value of the "ssl.KeyManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
  • sslTrustManagerFactoryAlgorithm - set to the value of the "ssl.TrustManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
  • secureRandomAlgorithm - default value is null
  • provider - defaults to the SunJSSE provider
  • protocol - default value is "TLS"
  • excludeCipherSuites - see [/display/JETTY/SSL+Cipher+Suites SSL Cipher Suites]

reference http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE

Retrieved from "https://wiki.eclipse.org/index.php?title=Jetty/Howto/Configure_SSL_Connectors&oldid=251122"

Back to the top