Ssl Connector Guide

Added by ngonzalez, last edited by Dexter Ang on Feb 19, 2008

THE JETTY SSL CONNECTORS

There are two SSL connectors in Jetty: SslSocketConnector and SslSelectChannelConnector. SslSocketConnector is built on top of the Jetty SocketConnector, which is Jetty's implementation of a blocking connector, and uses Java's SSLSocket to add the security layer. SslSelectChannelConnector is an extension of Jetty's SelectChannelConnector, which uses non-blocking IO; for its security layer it uses the Java NIO SSLEngine. Both connectors are configured in the same way; the only difference is in the implementation.

CONFIGURATION

The following is an example of an SslSocketConnector configuration. An SslSelectChannelConnector is configured the same way: just change the value of class to "org.mortbay.jetty.security.SslSelectChannelConnector".

<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.security.SslSocketConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
      <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
      <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    </New>
  </Arg>
</Call>

If "keyPassword" and "trustPassword" are not set, the SSL connector uses the value specified for "password". If "truststore" is not set, it uses the "keystore" value. Passwords can be obfuscated by running org.mortbay.util.Password as a main class. Obfuscation only hides a password from casual viewing; it is reversible, so the configuration file still needs restrictive file permissions.

Other properties which can be set for SslSocketConnector/SslSelectChannelConnector are:

  • keystoreType - default value: "JKS"
  • trustStoreType - default value: "JKS"
  • sslKeyManagerFactoryAlgorithm - set to the value of the "ssl.KeyManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
  • sslTrustManagerFactoryAlgorithm - set to the value of the "ssl.TrustManagerFactory.algorithm" system property. If there is no such property, this defaults to "SunX509"
  • secureRandomAlgorithm - default value is null
  • provider - defaults to the SunJSSE provider
  • protocol - default value is "TLS"
  • excludeCipherSuites - see SSL Cipher Suites

Reference: http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE
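
The fallback rules and defaults described above, applied to a connector fragment to show which settings it actually ends up with. This is an added example, not code from the Jetty project or from the original page. The function names (set_value, effective_ssl_config, findings), the sample fragment and its password are constructed for illustration, and the connector is assumed to be the first <New> element in the fragment.

```python
import xml.etree.ElementTree as ET

# Defaults listed in the guide above.
DEFAULTS = {"keystoreType": "JKS", "trustStoreType": "JKS", "protocol": "TLS"}

# Constructed sample: keyPassword, trustPassword and truststore are left unset.
SAMPLE = """<Call name="addConnector"><Arg>
  <New class="org.mortbay.jetty.security.SslSelectChannelConnector">
    <Set name="Port">8443</Set>
    <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="password">example-store-pw</Set>
  </New>
</Arg></Call>"""

def set_value(elem, props):
    """Flatten a <Set> body; <SystemProperty> resolves from props or its default."""
    out = elem.text or ""
    for child in elem:
        if child.tag == "SystemProperty":
            out += props.get(child.get("name"), child.get("default", ""))
        out += child.tail or ""
    return out.strip()

def effective_ssl_config(xml_text, props=None):
    """Return (settings after defaults and fallbacks, names filled by fallback)."""
    new = ET.fromstring(xml_text).find(".//New")
    eff = dict(DEFAULTS)
    eff.update({s.get("name"): set_value(s, props or {}) for s in new.findall("Set")})
    inherited = []
    for name, source in (("keyPassword", "password"), ("trustPassword", "password"),
                         ("truststore", "keystore")):
        if name not in eff:
            eff[name] = eff.get(source)
            inherited.append(name)
    return eff, inherited

def findings(eff, inherited):
    """Review notes for a resolved connector configuration."""
    notes = [f"{n} inherited from {'keystore' if n == 'truststore' else 'password'}"
             for n in inherited]
    for name in ("password", "keyPassword", "trustPassword"):
        value = eff.get(name)
        if value and name not in inherited and not value.startswith("OBF:"):
            notes.append(f"{name} is not obfuscated")
    return notes

if __name__ == "__main__":
    eff, inherited = effective_ssl_config(SAMPLE)
    print(eff["truststore"], findings(eff, inherited))
```

Running it over a real jetty.xml fragment makes implicit sharing visible: a connector that sets only "password" is using that one value for the keystore, the key and the truststore.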

Hello Nik or anybody who knows the answer to this question:

   "Should the above solution work in Jetty version 4?"

Thanks!

Craig
