diff options
Diffstat (limited to 'jetty_conf/jetty-ssl.xml')
| -rw-r--r-- | jetty_conf/jetty-ssl.xml | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/jetty_conf/jetty-ssl.xml b/jetty_conf/jetty-ssl.xml new file mode 100644 index 0000000..b822ae5 --- /dev/null +++ b/jetty_conf/jetty-ssl.xml @@ -0,0 +1,64 @@ +<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd" >
+<Configure id="Server" class="org.eclipse.jetty.server.Server">
+ <!-- ============================================================= -->
+ <!-- TLS context factory without client auth -->
+ <!-- ============================================================= -->
+ <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+ <Set name="KeyStorePath">
+ <Property name="jetty.keystore" />
+ </Set>
+ <Set name="KeyStoreType">
+ <Property name="jetty.keystore.type" />
+ </Set>
+ <Set name="KeyStorePassword">
+ <Property name="jetty.keystore.password" />
+ </Set>
+ <Set name="EndpointIdentificationAlgorithm" />
+ <Set name="NeedClientAuth">false</Set>
+ <Set name="WantClientAuth">false</Set>
+ <Set name="excludeProtocols">
+ <Array type="String">
+ <Item>SSLv3</Item>
+ </Array>
+ </Set>
+ <Set name="IncludeCipherSuites">
+ <Array type="String">
+ <Item>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</Item>
+ <Item>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</Item>
+ <Item>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</Item>
+ <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
+ <Item>TLS_RSA_WITH_AES_128_GCM_SHA256</Item>
+ <Item>TLS_RSA_WITH_AES_256_GCM_SHA256</Item>
+ <Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</Item>
+ <Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</Item>
+ <Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
+ <Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
+ <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</Item>
+ <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</Item>
+ <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
+ <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
+ <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
+ <Item>TLS_RSA_WITH_AES_256_CBC_SHA384</Item>
+ <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
+ <Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
+ </Array>
+ </Set>
+ </New>
+ <!-- =========================================================== -->
+ <!-- Create a TLS specific HttpConfiguration based on the -->
+ <!-- common HttpConfiguration defined in jetty.xml -->
+ <!-- Add a SecureRequestCustomizer to extract certificate and -->
+ <!-- session information -->
+ <!-- =========================================================== -->
+ <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
+ <Arg>
+ <Ref refid="httpConfig" />
+ </Arg>
+ <Call name="addCustomizer">
+ <Arg>
+ <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
+ </Arg>
+ </Call>
+ </New>
+</Configure> |