# DO NOT EDIT - See: https://www.eclipse.org/jetty/documentation/current/startup-modules.html
# Summary text describing what the module provides.
[description]
Enables a TLS(SSL) Connector on the server.
This may be used for HTTPS and/or HTTP2 by enabling
the associated support modules.
# Labels under which this module is grouped.
[tags]
connector
ssl
# Modules that must also be enabled for this one to work.
[depend]
server
# XML files applied when the module is enabled: the connector itself and its SslContextFactory.
[xml]
etc/jetty-ssl.xml
etc/jetty-ssl-context.xml
# Installs the keystore found under modules/ssl/keystore as etc/keystore in the base directory.
# NOTE(review): that keystore is part of the distribution, so its private key and the default
# passwords listed in [ini-template] are not secret. Replace both before exposing the connector.
[files]
basehome:modules/ssl/keystore|etc/keystore
[ini-template]
### TLS(SSL) Connector Configuration
## Connector host/address to bind to (0.0.0.0 listens on all interfaces; set a specific address to limit exposure)
# jetty.ssl.host=0.0.0.0
## Connector port to listen on
# jetty.ssl.port=8443
## Connector idle timeout in milliseconds
# jetty.ssl.idleTimeout=30000
## Number of acceptors (-1 picks default based on number of cores)
# jetty.ssl.acceptors=-1
## Number of selectors (-1 picks default based on number of cores)
# jetty.ssl.selectors=-1
## ServerSocketChannel backlog (0 picks platform default)
# jetty.ssl.acceptQueueSize=0
## Thread priority delta to give to acceptor threads
# jetty.ssl.acceptorPriorityDelta=0
## The requested maximum length of the queue of incoming connections.
## NOTE: this is the same property as the "ServerSocketChannel backlog" entry above; uncomment only one of the two.
# jetty.ssl.acceptQueueSize=0
## Enable/disable the SO_REUSEADDR socket option.
# jetty.ssl.reuseAddress=true
## Enable/disable TCP_NODELAY on accepted sockets.
# jetty.ssl.acceptedTcpNoDelay=true
## The SO_RCVBUF option to set on accepted sockets. A value of -1 indicates that it is left to its default value.
# jetty.ssl.acceptedReceiveBufferSize=-1
## The SO_SNDBUF option to set on accepted sockets. A value of -1 indicates that it is left to its default value.
# jetty.ssl.acceptedSendBufferSize=-1
## Connect Timeout in milliseconds
# jetty.ssl.connectTimeout=15000
## Whether SNI is required for all secure connections. Rejections happen during the TLS handshake.
# jetty.sslContext.sniRequired=false
## Whether SNI is required for all secure connections. Rejections are sent as an HTTP 400 response.
# jetty.ssl.sniRequired=false
## Whether request host names are checked to match any SNI names.
## Disabling this lets a request name a host other than the one the certificate was selected for.
# jetty.ssl.sniHostCheck=true
## Max age in seconds for a Strict-Transport-Security response header (default -1, which sends no header).
## The value shown is an example of one year, not the default.
# jetty.ssl.stsMaxAgeSeconds=31536000
## Include the subdomain property in any Strict-Transport-Security header (default false).
## Enable only when every subdomain is served over HTTPS.
# jetty.ssl.stsIncludeSubdomains=true
### SslContextFactory Configuration
## Note that OBF passwords are not secure, just protected from casual observation.
## OBF is reversible obfuscation, not encryption, so restrict read access to this file.
## See https://eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
## The Endpoint Identification Algorithm
## Same as javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)
#jetty.sslContext.endpointIdentificationAlgorithm=
## SSL JSSE Provider
# jetty.sslContext.provider=
## KeyStore file path (relative to $jetty.base)
## etc/keystore is the keystore installed by this module's [files] section; replace it with your own for production.
# jetty.sslContext.keyStorePath=etc/keystore
## KeyStore absolute file path
# jetty.sslContext.keyStoreAbsolutePath=${jetty.base}/etc/keystore
## TrustStore file path (relative to $jetty.base)
# jetty.sslContext.trustStorePath=etc/keystore
## TrustStore absolute file path
# jetty.sslContext.trustStoreAbsolutePath=${jetty.base}/etc/keystore
## KeyStore password
## The OBF values in this template are published with it, so they protect nothing; set your own passwords.
# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
## KeyStore type and provider
# jetty.sslContext.keyStoreType=JKS
# jetty.sslContext.keyStoreProvider=
## KeyManager password
# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g
## TrustStore password
# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
## TrustStore type and provider
# jetty.sslContext.trustStoreType=JKS
# jetty.sslContext.trustStoreProvider=
## Whether client certificate authentication is required (the handshake fails without an accepted client certificate)
# jetty.sslContext.needClientAuth=false
## Whether client certificate authentication is desired (requested, but the connection proceeds without one)
# jetty.sslContext.wantClientAuth=false
## Whether cipher order is significant (since Java 8 only)
# jetty.sslContext.useCipherSuitesOrder=true
## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
## Set the size of the SslSession cache
# jetty.sslContext.sslSessionCacheSize=-1
## Set the timeout (in seconds) of the SslSession cache
# jetty.sslContext.sslSessionTimeout=-1
## Allow SSL renegotiation
## Renegotiation has been a source of TLS weaknesses and resource exhaustion; set to false unless a client needs it.
# jetty.sslContext.renegotiationAllowed=true
## Number of renegotiations allowed per connection when renegotiation is enabled
# jetty.sslContext.renegotiationLimit=5