58 lines
3.2 KiB
XML
58 lines
3.2 KiB
XML
<?xml version="1.0"?>
|
||
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||
<!-- ============================================================= -->
|
||
<!-- Configure a TLS (SSL) Context Factory -->
|
||
<!-- This configuration must be used in conjunction with jetty.xml -->
|
||
<!-- and either jetty-https.xml or jetty-spdy.xml (but not both) -->
|
||
<!-- ============================================================= -->
|
||
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
|
||
<Set name="KeyStorePath"><Property name="maven.project.build.directory.test-classes" default="." />/<Property name="jetty.keystore" default="keystore"/></Set>
|
||
<Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="wicket"/></Set>
|
||
<Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="wicket"/></Set>
|
||
<Set name="EndpointIdentificationAlgorithm"></Set>
|
||
<Set name="ExcludeCipherSuites">
|
||
<Array type="String">
|
||
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
|
||
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
|
||
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
|
||
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
|
||
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
|
||
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
|
||
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
|
||
<Item>TLS_RSA_WITH_AES_256_GCM_SHA384</Item>
|
||
<Item>TLS_RSA_WITH_AES_128_GCM_SHA256</Item>
|
||
<Item>TLS_RSA_WITH_AES_256_CBC_SHA256</Item>
|
||
<Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
|
||
<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
|
||
<Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
|
||
<Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
|
||
<Item>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</Item>
|
||
<Item>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA</Item>
|
||
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
|
||
<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
|
||
<Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
|
||
<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
|
||
<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
|
||
<Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
|
||
<Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
|
||
<Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
|
||
<Item>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</Item>
|
||
<Item>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</Item>
|
||
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
|
||
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
|
||
</Array>
|
||
</Set>
|
||
<!-- =========================================================== -->
|
||
<!-- Create a TLS specific HttpConfiguration based on the -->
|
||
<!-- common HttpConfiguration defined in jetty.xml -->
|
||
<!-- Add a SecureRequestCustomizer to extract certificate and -->
|
||
<!-- session information -->
|
||
<!-- =========================================================== -->
|
||
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
|
||
<Arg><Ref refid="httpConfig"/></Arg>
|
||
<Call name="addCustomizer">
|
||
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
|
||
</Call>
|
||
</New>
|
||
</Configure>
|