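# ---------------------------------------
### TLS(SSL) Connector Configuration
## Rendered from an ERB template. Values come from @https_port, @keystore_path,
## @truststore_path, @keystore_password and @truststore_password; each keystore
## or truststore setting is written only when its variable is non-blank.
## Passwords are written exactly as supplied (plain text unless the caller
## passes an obfuscated value), so keep this file readable only by the account
## that runs Jetty.

## Connector host/address to bind to
# jetty.ssl.host=0.0.0.0

## Connector port to listen on
jetty.ssl.port=<%= @https_port %>

## Connector idle timeout in milliseconds
# jetty.ssl.idleTimeout=30000

## Connector socket linger time in seconds (-1 to disable)
# jetty.ssl.soLingerTime=-1

## Number of acceptors (-1 picks default based on number of cores)
# jetty.ssl.acceptors=-1

## Number of selectors (-1 picks default based on number of cores)
# jetty.ssl.selectors=-1

## ServerSocketChannel backlog (0 picks platform default)
# jetty.ssl.acceptorQueueSize=0

## Thread priority delta to give to acceptor threads
# jetty.ssl.acceptorPriorityDelta=0

## Whether request host names are checked to match any SNI names
# jetty.ssl.sniHostCheck=true

## max age in seconds for a Strict-Transport-Security response header (default -1)
# jetty.ssl.stsMaxAgeSeconds=31536000

## include subdomain property in any Strict-Transport-Security header (default false)
# jetty.ssl.stsIncludeSubdomains=true

### SslContextFactory Configuration
## Note that OBF passwords are not secure, just protected from casual observation
## See https://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html

## Keystore file path (relative to $jetty.base)
<% unless @keystore_path.nil? || @keystore_path.strip.empty? -%>
jetty.sslContext.keyStorePath=<%= @keystore_path %>
<% end -%>

## Truststore file path (relative to $jetty.base)
<% unless @truststore_path.nil? || @truststore_path.strip.empty? -%>
jetty.sslContext.trustStorePath=<%= @truststore_path %>
<% end -%>

## Keystore password
<% unless @keystore_password.nil? || @keystore_password.strip.empty? -%>
jetty.sslContext.keyStorePassword=<%= @keystore_password %>
<% end -%>

## Keystore type and provider
# jetty.sslContext.keyStoreType=JKS
# jetty.sslContext.keyStoreProvider=

## KeyManager password (the template reuses the keystore password here)
<% unless @keystore_password.nil? || @keystore_password.strip.empty? -%>
jetty.sslContext.keyManagerPassword=<%= @keystore_password %>
<% end -%>

## Truststore password
<% unless @truststore_password.nil? || @truststore_password.strip.empty? -%>
jetty.sslContext.trustStorePassword=<%= @truststore_password %>
<% end -%>

## Truststore type and provider
# jetty.sslContext.trustStoreType=JKS
# jetty.sslContext.trustStoreProvider=

## Whether client certificate authentication is required
## Set by the template: true only when a truststore password was supplied and
## false otherwise, even if a truststore path is set. Check the rendered value
## whenever mutual TLS is expected.
jetty.sslContext.needClientAuth=<%= !@truststore_password.nil? && !@truststore_password.strip.empty? %>

## Whether client certificate authentication is desired
# jetty.sslContext.wantClientAuth=false

## Whether cipher order is significant (since java 8 only)
# jetty.sslContext.useCipherSuitesOrder=true

## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites

## Set the size of the SslSession cache
# jetty.sslContext.sslSessionCacheSize=-1

## Set the timeout (in seconds) of the SslSession cache
# jetty.sslContext.sslSessionTimeout=-1

## Allow SSL renegotiation
# jetty.sslContext.renegotiationAllowed=true
# jetty.sslContext.renegotiationLimit=5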