-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathssl.ini
121 lines (84 loc) · 4.03 KB
/
ssl.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# ---------------------------------------
# Module: ssl
# Enables a TLS (SSL) connector to support secure protocols.
# Secure HTTP/1.1 is provided by enabling the "https" module and secure HTTP/2 is provided by enabling the "http2" module.
# ---------------------------------------
--module=ssl
### TLS (SSL) Connector Configuration
## The host/address to bind the connector to.
# jetty.ssl.host=0.0.0.0
## The port the connector listens on.
jetty.ssl.port=8443
## The connector idle timeout, in milliseconds.
# jetty.ssl.idleTimeout=30000
## The number of acceptors (-1 picks a default value based on number of cores).
# jetty.ssl.acceptors=-1
## The number of selectors (-1 picks a default value based on number of cores).
# jetty.ssl.selectors=-1
## The ServerSocketChannel accept queue backlog (0 picks the platform default).
# jetty.ssl.acceptQueueSize=0
## The thread priority delta to give to acceptor threads.
# jetty.ssl.acceptorPriorityDelta=0
## Whether to enable the SO_REUSEADDR socket option.
# jetty.ssl.reuseAddress=true
## Whether to enable the TCP_NODELAY socket option on accepted sockets.
# jetty.ssl.acceptedTcpNoDelay=true
## The SO_RCVBUF socket option to set on accepted sockets.
## A value of -1 indicates that the platform default is used.
# jetty.ssl.acceptedReceiveBufferSize=-1
## The SO_SNDBUF socket option to set on accepted sockets.
## A value of -1 indicates that the platform default is used.
# jetty.ssl.acceptedSendBufferSize=-1
## Whether client SNI data is required for all secure connections.
## When SNI is required, clients that do not send SNI data are rejected with an HTTP 400 response.
jetty.ssl.sniRequired=false
## Whether client SNI data is checked to match CN and SAN in server certificates.
## When SNI is checked, if the match fails the connection is rejected with an HTTP 400 response.
jetty.ssl.sniHostCheck=false
## The max age, in seconds, for the Strict-Transport-Security response header.
# jetty.ssl.stsMaxAgeSeconds=31536000
## Whether to include the subdomain property in any Strict-Transport-Security header.
# jetty.ssl.stsIncludeSubdomains=true
### SslContextFactory Configuration
## Note that OBF passwords are not secure, just protected from casual observation.
## Whether client SNI data is required for all secure connections.
## When SNI is required, clients that do not send SNI data are rejected with a TLS handshake error.
# jetty.sslContext.sniRequired=false
## The Endpoint Identification Algorithm.
## Same as javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String).
# jetty.sslContext.endpointIdentificationAlgorithm=
## The JSSE Provider.
# jetty.sslContext.provider=
## The KeyStore file path (relative to $JETTY_BASE).
jetty.sslContext.keyStorePath=etc/clientcert.jks
## The TrustStore file path (relative to $JETTY_BASE).
jetty.sslContext.trustStorePath=etc/cacerts.jks
## The KeyStore password.
jetty.sslContext.keyStorePassword=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
## The Keystore type.
#jetty.sslContext.keyStoreType=RSA
## The KeyStore provider.
# jetty.sslContext.keyStoreProvider=
## The KeyManager password.
#jetty.sslContext.keyManagerPassword=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
## The TrustStore password.
jetty.sslContext.trustStorePassword=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
## The TrustStore type.
# jetty.sslContext.trustStoreType=PKCS12
# jetty.sslContext.trustStoreType=RSA
## The TrustStore provider.
# jetty.sslContext.trustStoreProvider=
## Whether client certificate authentication is required.
jetty.sslContext.needClientAuth=true
## Whether client certificate authentication is desired, but not required.
#jetty.sslContext.wantClientAuth=false
## Whether cipher order is significant.
# jetty.sslContext.useCipherSuitesOrder=true
## The SSLSession cache size.
# jetty.sslContext.sslSessionCacheSize=-1
## The SSLSession cache timeout (in seconds).
# jetty.sslContext.sslSessionTimeout=-1
## Whether TLS renegotiation is allowed.
# jetty.sslContext.renegotiationAllowed=true
## The max number of TLS renegotiations per connection.
# jetty.sslContext.renegotiationLimit=5