mirror of https://github.com/apache/lucene.git
53 lines
2.7 KiB
XML
53 lines
2.7 KiB
XML
<?xml version="1.0"?>
|
|
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
|
|
|
<!-- ============================================================= -->
|
|
<!-- Configure a TLS (SSL) Context Factory -->
|
|
<!-- This configuration must be used in conjunction with jetty.xml -->
|
|
<!-- and either jetty-https.xml or jetty-spdy.xml (but not both) -->
|
|
<!-- ============================================================= -->
|
|
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
|
|
<Call class="org.apache.solr.util.configuration.SSLConfigurationsFactory" name="current">
|
|
<Get name="keyStorePassword" id="keyStorePassword"/>
|
|
<Get name="trustStorePassword" id="trustStorePassword"/>
|
|
</Call>
|
|
<Set name="KeyStorePath"><Property name="solr.jetty.keystore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
|
<Set name="KeyStorePassword"><Ref refid="keyStorePassword"/></Set>
|
|
<Set name="TrustStorePath"><Property name="solr.jetty.truststore" default="./etc/solr-ssl.keystore.jks"/></Set>
|
|
<Set name="TrustStorePassword"><Ref refid="trustStorePassword"/></Set>
|
|
<Set name="NeedClientAuth"><Property name="solr.jetty.ssl.needClientAuth" default="false"/></Set>
|
|
<Set name="WantClientAuth"><Property name="solr.jetty.ssl.wantClientAuth" default="false"/></Set>
|
|
<Set name="KeyStoreType"><Property name="solr.jetty.keystore.type" default="JKS"/></Set>
|
|
<Set name="TrustStoreType"><Property name="solr.jetty.truststore.type" default="JKS"/></Set>
|
|
<Set name="excludeProtocols">
|
|
<Array type="java.lang.String">
|
|
<Item>SSLv3</Item>
|
|
</Array>
|
|
</Set>
|
|
<Set name="ExcludeCipherSuites">
|
|
<Array type="String">
|
|
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
|
|
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
|
|
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
|
|
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
|
|
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
|
|
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
|
|
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
|
|
</Array>
|
|
</Set>
|
|
|
|
<!-- =========================================================== -->
|
|
<!-- Create a TLS specific HttpConfiguration based on the -->
|
|
<!-- common HttpConfiguration defined in jetty.xml -->
|
|
<!-- Add a SecureRequestCustomizer to extract certificate and -->
|
|
<!-- session information -->
|
|
<!-- =========================================================== -->
|
|
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
|
|
<Arg><Ref refid="httpConfig"/></Arg>
|
|
<Call name="addCustomizer">
|
|
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
|
|
</Call>
|
|
</New>
|
|
|
|
</Configure>
|