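# ---------------------------------------
# Module: ssl
--module=ssl
### TLS(SSL) Connector Configuration
## Connector host/address to bind to
# jetty.ssl.host=0.0.0.0
## Connector port to listen on
jetty.ssl.port=<%= @https_port %>
## Connector idle timeout in milliseconds
# jetty.ssl.idleTimeout=30000
## Connector socket linger time in seconds (-1 to disable)
# jetty.ssl.soLingerTime=-1
## Number of acceptors (-1 picks default based on number of cores)
# jetty.ssl.acceptors=-1
## Number of selectors (-1 picks default based on number of cores)
# jetty.ssl.selectors=-1
## ServerSocketChannel backlog (0 picks platform default)
# jetty.ssl.acceptorQueueSize=0
## Thread priority delta to give to acceptor threads
# jetty.ssl.acceptorPriorityDelta=0
## Whether request host names are checked to match any SNI names
# jetty.ssl.sniHostCheck=true
## max age in seconds for a Strict-Transport-Security response header (default -1)
# jetty.ssl.stsMaxAgeSeconds=31536000
## include subdomain property in any Strict-Transport-Security header (default false)
# jetty.ssl.stsIncludeSubdomains=true
### SslContextFactory Configuration
## Note that OBF passwords are not secure, just protected from casual observation
## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
## The password properties below are rendered as supplied, so this file holds
## the store passwords; keep its owner and mode restricted to the Jetty service account.
## Keystore file path (relative to $jetty.base)
<% unless @keystore_path.nil? || @keystore_path.strip.empty? -%>
jetty.sslContext.keyStorePath=<%= @keystore_path %>
<% end -%>
## Truststore file path (relative to $jetty.base)
<% unless @truststore_path.nil? || @truststore_path.strip.empty? -%>
jetty.sslContext.trustStorePath=<%= @truststore_path %>
<% end -%>
## Keystore password
<% unless @keystore_password.nil? || @keystore_password.strip.empty? -%>
jetty.sslContext.keyStorePassword=<%= @keystore_password %>
<% end -%>
## Keystore type and provider
# jetty.sslContext.keyStoreType=JKS
# jetty.sslContext.keyStoreProvider=
## KeyManager password (rendered from the same value as the keystore password)
<% unless @keystore_password.nil? || @keystore_password.strip.empty? -%>
jetty.sslContext.keyManagerPassword=<%= @keystore_password %>
<% end -%>
## Truststore password
<% unless @truststore_password.nil? || @truststore_password.strip.empty? -%>
jetty.sslContext.trustStorePassword=<%= @truststore_password %>
<% end -%>
## Truststore type and provider
# jetty.sslContext.trustStoreType=JKS
# jetty.sslContext.trustStoreProvider=
## whether client certificate authentication is required
## NOTE(review): this is enabled whenever a truststore password is supplied, even if
## no truststore path is set above; confirm that gating on the password rather than
## the path is intended.
jetty.sslContext.needClientAuth=<%= !@truststore_password.nil? && !@truststore_password.strip.empty? %>
## Whether client certificate authentication is desired
# jetty.sslContext.wantClientAuth=false
## Whether cipher order is significant (since java 8 only)
# jetty.sslContext.useCipherSuitesOrder=true
## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
## Set the size of the SslSession cache
# jetty.sslContext.sslSessionCacheSize=-1
## Set the timeout (in seconds) of the SslSession cache timeout
# jetty.sslContext.sslSessionTimeout=-1
## Allow SSL renegotiation
# jetty.sslContext.renegotiationAllowed=true
# jetty.sslContext.renegotiationLimit=5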