Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Jetty/Howto/Configure SSL Connectors"
(New page: {{Jetty Howto | introduction = An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class t...) |
m |
||
Line 1: | Line 1: | ||
{{Jetty Howto | {{Jetty Howto | ||
| introduction = | | introduction = | ||
+ | |||
+ | {{note|Note: This method of configuring SSL connectors is deprecated as of Jetty 7.3.1. For current information, refer to [[/Jetty/Reference/SSL_Connectors|Configuring Jetty Connectors]].}} | ||
+ | |||
An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector". | An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector". | ||
Revision as of 16:23, 20 May 2011
Introduction
An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way-- just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector".
<Call name=eclipse"addConnector"eclipse> <Arg> <New class=eclipse"org.eclipse.jetty.server.ssl.SslSocketConnector"eclipse> <Set name=eclipse"Port"eclipse>8443</Set> <Set name=eclipse"maxIdleTime"eclipse>30000</Set> <Set name=eclipse"keystore"eclipse><SystemProperty name=eclipse"jetty.home"eclipse eclipsedefaulteclipse<nowiki>=</nowiki>eclipse"."eclipse />/etc/keystore</Set> <Set name=eclipse"password"eclipse>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> <Set name=eclipse"keyPassword"eclipse>OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set> <Set name=eclipse"truststore"eclipse><SystemProperty name=eclipse"jetty.home"eclipse eclipsedefaulteclipse<nowiki>=</nowiki>eclipse"."eclipse />/etc/keystore</Set> <Set name=eclipse"trustPassword"eclipse>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> </New> </Arg> </Call>
If there is no value for the "truststore", it will use the "keystore" value. Passwords can be obfuscated by running org.mortbay.util.Password as a main class.
Other properties which can be set for SslSocketConnector/SslSelectChannelConnector are:
- keystoreType - default value: "JKS"
- trustStoreType - default value: "JKS"
- sslKeyManagerFactoryAlgorithm - set to the value of the "ssl.KeyManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
- sslTrustManagerFactoryAlgorithm - set to the value of the "ssl.TrustManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
- secureRandomAlgorithm - default value is null
- provider - defaults to the SunJSSE provider
- protocol - default value is "TLS"
- excludeCipherSuites - see [/display/JETTY/SSL+Cipher+Suites SSL Cipher Suites]
reference http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE