lucene/solr/server/etc/jetty-ssl.xml

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- Base SSL configuration                                        -->
<!-- This configuration needs to be used together with 1 or more   -->
<!-- of jetty-https.xml, jetty-spdy.xml and/or jetty-http2.xml     -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- =========================================================== -->
  <!-- Add a SSL Connector with no protocol factories              -->
  <!-- =========================================================== -->
  <Call  name="addConnector">
    <Arg>
      <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property name="ssl.acceptors" default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property name="ssl.selectors" default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <!-- uncomment to support proxy protocol
	    <Item>
              <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
            </Item>-->
          </Array>
        </Arg>

        <Set name="host"><Property name="jetty.host" /></Set>
        <Set name="port"><Property name="ssl.port" default="443" /></Set>
        <Set name="idleTimeout"><Property name="ssl.timeout" default="30000"/></Set>
        <Set name="soLingerTime"><Property name="ssl.soLingerTime" default="-1"/></Set>
        <Set name="acceptorPriorityDelta"><Property name="ssl.acceptorPriorityDelta" default="0"/></Set>
        <Set name="selectorPriorityDelta"><Property name="ssl.selectorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property name="ssl.acceptQueueSize" default="0"/></Set>
      </New>
    </Arg>
  </Call>

  <!-- ============================================================= -->
  <!-- Create a TLS (SSL) Context Factory  for later reuse           -->
  <!-- ============================================================= -->
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
    <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
    <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
    <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>
    <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
    <Set name="EndpointIdentificationAlgorithm"></Set>
    <Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
    <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
    <Set name="ExcludeCipherSuites">
      <Array type="String">
        <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
        <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
        <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
        <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
        <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
      </Array>
    </Set>
  </New>

  <!-- =========================================================== -->
  <!-- Create a TLS specific HttpConfiguration based on the        -->
  <!-- common HttpConfiguration defined in jetty.xml               -->
  <!-- Add a SecureRequestCustomizer to extract certificate and    -->
  <!-- session information                                         -->
  <!-- =========================================================== -->
  <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
    </Call>
  </New>

</Configure>
SOLR-4839: Upgrade to Jetty 9 git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1649552 13f79535-47bb-0310-9956-ffa450edef68 2015-01-05 10:45:58 -05:00			`<?xml version="1.0"?>`
			`<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">`

			`<!-- ============================================================= -->`
			`<!-- Base SSL configuration -->`
			`<!-- This configuration needs to be used together with 1 or more -->`
			`<!-- of jetty-https.xml, jetty-spdy.xml and/or jetty-http2.xml -->`
			`<!-- ============================================================= -->`
			`<Configure id="Server" class="org.eclipse.jetty.server.Server">`

			`<!-- =========================================================== -->`
			`<!-- Add a SSL Connector with no protocol factories -->`
			`<!-- =========================================================== -->`
			`<Call name="addConnector">`
			`<Arg>`
			`<New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">`
			`<Arg name="server"><Ref refid="Server" /></Arg>`
			`<Arg name="acceptors" type="int"><Property name="ssl.acceptors" default="-1"/></Arg>`
			`<Arg name="selectors" type="int"><Property name="ssl.selectors" default="-1"/></Arg>`
			`<Arg name="factories">`
			`<Array type="org.eclipse.jetty.server.ConnectionFactory">`
			`<!-- uncomment to support proxy protocol`
			`<Item>`
			`<New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>`
			`</Item>-->`
			`</Array>`
			`</Arg>`

			`<Set name="host"><Property name="jetty.host" /></Set>`
			`<Set name="port"><Property name="ssl.port" default="443" /></Set>`
			`<Set name="idleTimeout"><Property name="ssl.timeout" default="30000"/></Set>`
			`<Set name="soLingerTime"><Property name="ssl.soLingerTime" default="-1"/></Set>`
			`<Set name="acceptorPriorityDelta"><Property name="ssl.acceptorPriorityDelta" default="0"/></Set>`
			`<Set name="selectorPriorityDelta"><Property name="ssl.selectorPriorityDelta" default="0"/></Set>`
			`<Set name="acceptQueueSize"><Property name="ssl.acceptQueueSize" default="0"/></Set>`
			`</New>`
			`</Arg>`
			`</Call>`

			`<!-- ============================================================= -->`
			`<!-- Create a TLS (SSL) Context Factory for later reuse -->`
			`<!-- ============================================================= -->`
			`<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">`
			`<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>`
			`<Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>`
			`<Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>`
			`<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>`
			`<Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>`
			`<Set name="EndpointIdentificationAlgorithm"></Set>`
			`<Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>`
			`<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>`
			`<Set name="ExcludeCipherSuites">`
			`<Array type="String">`
			`<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>`
			`<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>`
			`<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>`
			`<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>`
			`<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>`
			`<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>`
			`<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>`
			`</Array>`
			`</Set>`
			`</New>`

			`<!-- =========================================================== -->`
			`<!-- Create a TLS specific HttpConfiguration based on the -->`
			`<!-- common HttpConfiguration defined in jetty.xml -->`
			`<!-- Add a SecureRequestCustomizer to extract certificate and -->`
			`<!-- session information -->`
			`<!-- =========================================================== -->`
			`<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">`
			`<Arg><Ref refid="httpConfig"/></Arg>`
			`<Call name="addCustomizer">`
			`<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>`
			`</Call>`
			`</New>`

			`</Configure>`