2015-01-05 10:45:58 -05:00
|
|
|
<?xml version="1.0"?>
|
|
|
|
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
|
|
|
|
|
|
|
<!-- ============================================================= -->
|
2015-04-22 07:35:31 -04:00
|
|
|
<!-- Configure a TLS (SSL) Context Factory -->
|
|
|
|
<!-- This configuration must be used in conjunction with jetty.xml -->
|
|
|
|
<!-- and either jetty-https.xml or jetty-spdy.xml (but not both) -->
|
2015-01-05 10:45:58 -05:00
|
|
|
<!-- ============================================================= -->
|
2015-04-22 07:35:31 -04:00
|
|
|
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
|
2015-04-26 08:44:20 -04:00
|
|
|
<Set name="KeyStorePath"><Property name="solr.jetty.keystore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
2017-05-16 12:59:29 -04:00
|
|
|
<Set name="KeyStorePassword"><Env name="SOLR_SSL_KEY_STORE_PASSWORD" default="secret"/></Set>
|
2015-04-26 08:44:20 -04:00
|
|
|
<Set name="TrustStorePath"><Property name="solr.jetty.truststore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
2017-05-16 12:59:29 -04:00
|
|
|
<Set name="TrustStorePassword"><Env name="SOLR_SSL_TRUST_STORE_PASSWORD" default="secret"/></Set>
|
2015-04-26 08:44:20 -04:00
|
|
|
<Set name="NeedClientAuth"><Property name="solr.jetty.ssl.needClientAuth" default="false"/></Set>
|
|
|
|
<Set name="WantClientAuth"><Property name="solr.jetty.ssl.wantClientAuth" default="false"/></Set>
|
2016-11-22 14:22:16 -05:00
|
|
|
<Set name="KeyStoreType"><Property name="solr.jetty.keystore.type" default="JKS"/></Set>
|
|
|
|
<Set name="TrustStoreType"><Property name="solr.jetty.truststore.type" default="JKS"/></Set>
|
2015-04-27 14:09:51 -04:00
|
|
|
<Set name="excludeProtocols">
|
|
|
|
<Array type="java.lang.String">
|
|
|
|
<Item>SSLv3</Item>
|
|
|
|
</Array>
|
|
|
|
</Set>
|
2015-04-22 07:35:31 -04:00
|
|
|
<Set name="ExcludeCipherSuites">
|
|
|
|
<Array type="String">
|
|
|
|
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
|
|
|
|
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
|
|
|
|
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
|
|
|
|
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
|
|
|
|
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
|
|
|
|
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
|
|
|
|
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
|
|
|
|
</Array>
|
|
|
|
</Set>
|
2015-01-05 10:45:58 -05:00
|
|
|
|
|
|
|
<!-- =========================================================== -->
|
|
|
|
<!-- Create a TLS specific HttpConfiguration based on the -->
|
|
|
|
<!-- common HttpConfiguration defined in jetty.xml -->
|
|
|
|
<!-- Add a SecureRequestCustomizer to extract certificate and -->
|
|
|
|
<!-- session information -->
|
|
|
|
<!-- =========================================================== -->
|
|
|
|
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
|
|
|
|
<Arg><Ref refid="httpConfig"/></Arg>
|
|
|
|
<Call name="addCustomizer">
|
|
|
|
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
|
|
|
|
</Call>
|
|
|
|
</New>
|
|
|
|
|
2016-11-22 14:22:16 -05:00
|
|
|
</Configure>
|