diff options
author | Michael Lando <ml636r@att.com> | 2017-02-19 10:28:42 +0200 |
---|---|---|
committer | Michael Lando <ml636r@att.com> | 2017-02-19 10:51:01 +0200 |
commit | 451a3400b76511393c62a444f588a4ed15f4a549 (patch) | |
tree | e4f5873a863d1d3e55618eab48b83262f874719d /catalog-be/src/main/resources/jetty-ssl.xml | |
parent | 5abfe4e1fb5fae4bbd5fbc340519f52075aff3ff (diff) |
Initial OpenECOMP SDC commit
Change-Id: I0924d5a6ae9cdc161ae17c68d3689a30d10f407b
Signed-off-by: Michael Lando <ml636r@att.com>
Diffstat (limited to 'catalog-be/src/main/resources/jetty-ssl.xml')
-rw-r--r-- | catalog-be/src/main/resources/jetty-ssl.xml | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/catalog-be/src/main/resources/jetty-ssl.xml b/catalog-be/src/main/resources/jetty-ssl.xml new file mode 100644 index 0000000000..9b375087f1 --- /dev/null +++ b/catalog-be/src/main/resources/jetty-ssl.xml @@ -0,0 +1,51 @@ +<?xml version="1.0"?> +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd"> + +<!-- ============================================================= --> +<!-- Configure a TLS (SSL) Context Factory --> +<!-- This configuration must be used in conjunction with jetty.xml --> +<!-- and either jetty-https.xml or jetty-spdy.xml (but not both) --> +<!-- ============================================================= --> +<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> + <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set> + <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set> + <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set> + <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set> + <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set> + <Set name="EndpointIdentificationAlgorithm"></Set> + <Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set> + <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set> + <Set name="ExcludeCipherSuites"> + <Array type="String"> + <Item>SSL_RSA_WITH_DES_CBC_SHA</Item> + <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item> + <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item> + <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item> + <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> + <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item> + <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item> + </Array> + </Set> + + <!-- =========================================================== --> + <!-- Create a TLS specific HttpConfiguration based on the --> + <!-- common HttpConfiguration defined in jetty.xml --> + <!-- Add a SecureRequestCustomizer to extract certificate and --> + <!-- session information --> + <!-- =========================================================== --> + <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> + <Arg><Ref refid="httpConfig"/></Arg> + <Call name="addCustomizer"> + <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg> + </Call> + </New> + + <Set name="ExcludeProtocols"> + <Array type="java.lang.String"> + <Item>SSLv3</Item> + <Item>SSLv2</Item> + </Array> + </Set> + + +</Configure> |