Jetty/Howto/Configure SSL Connectors

Revision as of 00:35, 10 June 2011 by Unnamed Poltroon (Talk) (Formatting for XML snippet was messed up.)


Note: This method of configuring SSL connectors is deprecated as of Jetty 7.3.1. For current information, refer to Configuring Jetty Connectors.

An example of an SslSocketConnector configuration follows. You can configure an SslSelectChannelConnector in the same way; just change the value of class to "org.eclipse.jetty.server.ssl.SslSelectChannelConnector".

<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <!-- Keystore holding the server certificate and private key -->
      <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <!-- password protects the keystore, keyPassword protects the private key -->
      <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
      <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
      <!-- Truststore; when omitted, the keystore value is used -->
      <Set name="truststore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
      <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    </New>
  </Arg>
</Call>

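If no value is set for "truststore", the connector uses the "keystore" value. Passwords can be obfuscated by running org.mortbay.util.Password as a main class. The OBF: form is reversible obfuscation rather than encryption, so the configuration file still needs restrictive file permissions.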

Other properties which can be set for SslSocketConnector/SslSelectChannelConnector are:

  • keystoreType - default value: "JKS"
  • trustStoreType - default value: "JKS"
  • sslKeyManagerFactoryAlgorithm - set to the value of the "ssl.KeyManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
  • sslTrustManagerFactoryAlgorithm - set to the value of the "ssl.TrustManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
  • secureRandomAlgorithm - default value is null
  • provider - defaults to the SunJSSE provider
  • protocol - default value is "TLS"
  • excludeCipherSuites - see SSL Cipher Suites (/display/JETTY/SSL+Cipher+Suites)
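
A configuration check built on the properties and defaults listed above, as an added example that is not part of the original wiki page or of Jetty itself. The names audit and SAMPLE are hypothetical, and the sample connector (including its clear-text password value) is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults as listed on this page for the two SSL connector classes.
DEFAULTS = {"keystoreType": "JKS", "trustStoreType": "JKS", "protocol": "TLS"}
SECRETS = ("password", "keyPassword", "trustPassword")
SSL_CLASSES = ("SslSocketConnector", "SslSelectChannelConnector")

# Constructed sample: the page's connector with keyPassword left in clear text
# and with no truststore, trustPassword or excludeCipherSuites.
SAMPLE = """
<Call name="addConnector"><Arg>
  <New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
    <Set name="Port">8443</Set>
    <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
    <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    <Set name="keyPassword">changeit-sample</Set>
  </New>
</Arg></Call>
"""

def audit(xml_text):
    """Return (connector class, finding) pairs for every SSL connector found."""
    findings = []
    for new in ET.fromstring(xml_text).iter("New"):
        cls = new.get("class", "").rsplit(".", 1)[-1]
        if cls not in SSL_CLASSES:
            continue
        # Compare setter names case-insensitively ("Port" and "maxIdleTime" both occur).
        props = {s.get("name", "").lower(): "".join(s.itertext()).strip()
                 for s in new.findall("Set")}
        for name in SECRETS:
            value = props.get(name.lower())
            if value and not value.startswith("OBF:"):
                findings.append((cls, f"WARN {name} is stored in clear text"))
        if not props.get("truststore"):
            findings.append((cls, "INFO truststore not set: keystore value is used"))
        if "excludeciphersuites" not in props:
            findings.append((cls, "WARN excludeCipherSuites is not set"))
        for name, default in DEFAULTS.items():
            if name.lower() not in props:
                findings.append((cls, f"INFO {name} not set: default {default!r} applies"))
    return findings

if __name__ == "__main__":
    for cls, message in audit(SAMPLE):
        print(f"{cls}: {message}")
```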

