<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- TLS (SSL) context factory for Jetty.                          -->
<!-- Must be loaded together with jetty.xml and exactly one of     -->
<!-- jetty-https.xml or jetty-spdy.xml (never both).               -->
<!-- ============================================================= -->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">

  <!-- Key store location: ${jetty.base}/${jetty.keystore}, falling back to ./etc/keystore. -->
  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>

  <!-- Store and key passwords. OBF: is Jetty's reversible obfuscation format, -->
  <!-- not encryption, and the default strings below match the ones shipped in -->
  <!-- the stock Jetty distribution, so they should be treated as publicly     -->
  <!-- known. Override jetty.keystore.password, jetty.keymanager.password and  -->
  <!-- jetty.truststore.password per deployment, and restrict read access to   -->
  <!-- the keystore file and to wherever those properties are set.             -->
  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>

  <!-- Trust store: defaults to the same file and the same password as the key -->
  <!-- store. Point jetty.truststore at a separate file when client            -->
  <!-- certificates must be validated against a distinct set of CAs.           -->
  <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>
  <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>

  <!-- Set with an empty value: no endpoint identification algorithm is        -->
  <!-- supplied. NOTE(review): if this factory is ever used for outbound       -->
  <!-- (client-side) TLS, an unset algorithm presumably means the peer host    -->
  <!-- name is not checked against its certificate; confirm it is used for     -->
  <!-- server connectors only.                                                 -->
  <Set name="EndpointIdentificationAlgorithm"></Set>

  <!-- Client certificate authentication: neither required nor requested       -->
  <!-- unless jetty.ssl.needClientAuth / jetty.ssl.wantClientAuth are set.     -->
  <Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
  <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>

  <!-- Cipher suites refused by the connector. Only single-DES and export      -->
  <!-- grade suites are named; RC4, 3DES, NULL and anonymous suites are not    -->
  <!-- listed, so whether they are offered depends on the JVM's own            -->
  <!-- disabled-algorithm policy. NOTE(review): on Jetty versions whose        -->
  <!-- SslContextFactory ships built-in exclusions, Set likely replaces that   -->
  <!-- list instead of appending to it; verify the effective suites on the     -->
  <!-- running connector.                                                      -->
  <Set name="ExcludeCipherSuites">
    <Array type="String">
      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
    </Array>
  </Set>

  <!-- =========================================================== -->
  <!-- TLS flavoured HttpConfiguration: a copy of the common       -->
  <!-- httpConfig from jetty.xml with a SecureRequestCustomizer    -->
  <!-- added so certificate and session details are extracted.     -->
  <!-- =========================================================== -->
  <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
    </Call>
  </New>

  <!-- Protocol versions refused by the connector: SSLv3 and SSLv2 only.       -->
  <!-- TLSv1 and TLSv1.1 are not excluded here. NOTE(review): the JSSE name    -->
  <!-- for the SSLv2 format hello is SSLv2Hello, which is not in this list;    -->
  <!-- check the enabled protocols on the running connector.                   -->
  <Set name="ExcludeProtocols">
    <Array type="java.lang.String">
      <Item>SSLv3</Item>
      <Item>SSLv2</Item>
    </Array>
  </Set>

</Configure>