<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd" >
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <!-- ============================================================= -->
  <!-- TLS context factory without client auth                  -->
  <!-- ============================================================= -->
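  <!-- Server-side TLS context. Keystore path, type and password are read from
       the jetty.keystore* properties, so no secret is stored in this file.
       No trust store and no separate key-manager password are set here. -->
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath">
      <Property name="jetty.keystore" />
    </Set>
    <Set name="KeyStoreType">
      <Property name="jetty.keystore.type" />
    </Set>
    <Set name="KeyStorePassword">
      <Property name="jetty.keystore.password" />
    </Set>
    <!-- Empty value: no endpoint identification algorithm is configured.
         NOTE(review): presumably intentional for a server-only factory that
         does not request client certificates; confirm this factory is never
         reused for outbound connections, where hostname verification is
         required. -->
    <Set name="EndpointIdentificationAlgorithm" />
    <!-- Client certificates are neither required nor requested. -->
    <Set name="NeedClientAuth">false</Set>
    <Set name="WantClientAuth">false</Set>
    <!-- NOTE(review): only SSLv3 is listed. Setting this list is believed to
         replace Jetty's built-in exclusions rather than extend them; confirm
         for the deployed Jetty version and consider also listing SSLv2Hello,
         TLSv1 and TLSv1.1 if no legacy client depends on them. -->
    <Set name="excludeProtocols">
      <Array type="String">
        <Item>SSLv3</Item>
      </Array>
    </Set>
    <!-- Allow-list of cipher suites, AES only: GCM suites first, then CBC.
         NOTE(review): the TLS_RSA_* entries use static RSA key exchange and
         so give no forward secrecy, and the CBC entries are not AEAD; drop
         them if every client can negotiate the ECDHE GCM suites. -->
    <Set name="IncludeCipherSuites">
      <Array type="String">
        <Item>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</Item>
        <Item>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</Item>
        <Item>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</Item>
        <Item>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</Item>
        <Item>TLS_RSA_WITH_AES_128_GCM_SHA256</Item>
        <!-- Was TLS_RSA_WITH_AES_256_GCM_SHA256, which is not a standard
             suite name: AES_256_GCM is paired with SHA384. An entry that
             matches no suite the JVM supports enables nothing. -->
        <Item>TLS_RSA_WITH_AES_256_GCM_SHA384</Item>
        <Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</Item>
        <Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</Item>
        <Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
        <Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
        <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</Item>
        <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</Item>
        <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
        <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
        <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
        <!-- Was TLS_RSA_WITH_AES_256_CBC_SHA384, which is not a standard
             suite name: the static RSA AES_256_CBC suite uses SHA256. -->
        <Item>TLS_RSA_WITH_AES_256_CBC_SHA256</Item>
        <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
        <Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
      </Array>
    </Set>
  </New>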
  <!-- =========================================================== -->
  <!-- Create a TLS specific HttpConfiguration based on the   -->
  <!-- common HttpConfiguration defined in jetty.xml          -->
  <!-- Add a SecureRequestCustomizer to extract certificate and    -->
  <!-- session information                                    -->
  <!-- =========================================================== -->
  <!-- HTTPS variant of the shared HTTP settings: constructed from the object
       registered under the id "httpConfig", then extended with a
       SecureRequestCustomizer. -->
  <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <!-- Constructor argument: the existing configuration this one is based on. -->
    <Arg><Ref refid="httpConfig" /></Arg>
    <!-- Registers a default-constructed customizer for requests on secure connections. -->
    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer" /></Arg>
    </Call>
  </New>
</Configure>