| <?xml version="1.0"?> |
| <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd"> |
| |
| <!-- ============================================================= --> |
| <!-- Base SSL configuration --> |
| <!-- This configuration needs to be used together with 1 or more --> |
| <!-- of jetty-https.xml and/or jetty-http2.xml --> |
| <!-- ============================================================= --> |
| <Configure id="Server" class="org.eclipse.jetty.server.Server"> |
| |
| <!-- =========================================================== --> |
| <!-- Add a SSL Connector with no protocol factories --> |
| <!-- =========================================================== --> |
| <!-- Registers the TLS ServerConnector (id "sslConnector") on the Server. --> |
| <!-- Host, port, idle timeout and linger time are read from jetty.ssl.* properties. --> |
| <Call name="addConnector"> |
| <Arg> |
| <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector"> |
| <Arg name="server"><Ref refid="Server" /></Arg> |
| <!-- The factory array is empty on purpose: the file header says this file must be combined with jetty-https.xml and/or jetty-http2.xml. --> |
| <!-- NOTE(review): presumably those files add the TLS and HTTP connection factories; confirm at least one of them is loaded. --> |
| <Arg name="factories"> |
| <Array type="org.eclipse.jetty.server.ConnectionFactory"> |
| </Array> |
| </Arg> |
| <!-- jetty.ssl.host has no default here. NOTE(review): presumably an unset host binds every interface; set it explicitly if the listener must not be reachable on all networks. --> |
| <Set name="host"><Property name="jetty.ssl.host" /></Set> |
| <!-- Listens on 443 unless jetty.ssl.port overrides it. --> |
| <Set name="port"><Property name="jetty.ssl.port" default="443" /></Set> |
| <!-- NOTE(review): the default of 30000 looks like milliseconds; confirm the unit. A bounded idle timeout limits how long idle connections hold server resources. --> |
| <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" default="30000"/></Set> |
| <!-- NOTE(review): -1 presumably leaves SO_LINGER disabled; confirm against the Jetty version in use. --> |
| <Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" default="-1"/></Set> |
| </New> |
| </Arg> |
| </Call> |
| |
| <!-- ============================================================= --> |
| <!-- Create a TLS (SSL) Context Factory for later reuse --> |
| <!-- ============================================================= --> |
| <!-- Builds the shared SslContextFactory (id "sslContextFactory"): key/trust store locations and passwords, client-certificate policy and cipher exclusions. --> |
| <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> |
| <!-- Key store path is jetty.base + "/" + jetty.sslContext.keyStorePath (default etc/keystore). --> |
| <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore"/></Set> |
| <!-- The OBF: prefix marks Jetty's reversible obfuscation, not encryption, and this default is published in the file itself. --> |
| <!-- Treat the default as public: override jetty.sslContext.keyStorePassword and restrict file permissions on the key store. --> |
| <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set> |
| <!-- The trust store defaults to the same file (etc/keystore) and the same obfuscated password as the key store. --> |
| <!-- NOTE(review): if client certificates are enabled, consider a separate trust store so the trusted CA set is managed apart from the server's private key. --> |
| <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore"/></Set> |
| <Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set> |
| <!-- Set with empty content. NOTE(review): presumably this clears the endpoint identification algorithm, i.e. no hostname verification for connections made with this factory. --> |
| <!-- Confirm the factory is only used for the server side; do not reuse it for outbound client connections. --> |
| <Set name="EndpointIdentificationAlgorithm"></Set> |
| <!-- Both client-certificate options default to false, so mutual TLS is off unless the properties are set. --> |
| <Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" default="false"/></Set> |
| <Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" default="false"/></Set> |
| <!-- The list below names only single-DES and EXPORT-grade suites; it does not name RC4, 3DES, NULL, anonymous or other MD5 suites. --> |
| <!-- NOTE(review): a Set here may replace, rather than extend, any exclusions the factory applies by default; confirm against the Jetty version in use. --> |
| <!-- NOTE(review): no protocol exclusion is configured in this file, so protocol versions come from factory and JVM defaults; verify the suites and protocol versions the listener actually offers. --> |
| <Set name="ExcludeCipherSuites"> |
| <Array type="String"> |
| <Item>SSL_RSA_WITH_DES_CBC_SHA</Item> |
| <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item> |
| <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item> |
| <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item> |
| <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> |
| <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> |
| <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item> |
| </Array> |
| </Set> |
| </New> |
| |
| <!-- =========================================================== --> |
| <!-- Create a TLS specific HttpConfiguration based on the --> |
| <!-- common HttpConfiguration defined in jetty.xml --> |
| <!-- Add a SecureRequestCustomizer to extract certificate and --> |
| <!-- session information --> |
| <!-- =========================================================== --> |
| <!-- Builds "sslHttpConfig" from the existing "httpConfig" object and adds a SecureRequestCustomizer to it. --> |
| <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> |
| <!-- "httpConfig" is referenced, not defined, in this file; the banner above says it comes from jetty.xml, which therefore has to be loaded first. --> |
| <Arg><Ref refid="httpConfig"/></Arg> |
| <Call name="addCustomizer"> |
| <!-- Created with no arguments, so the customizer runs with its defaults. --> |
| <!-- NOTE(review): no HSTS (Strict-Transport-Security) setting is visible here; if the site should enforce HTTPS in browsers, confirm where that header is configured. --> |
| <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg> |
| </Call> |
| </New> |
| |
| </Configure> |