SSL configuration for web console, Ports and Ciphers, Usage of Variables in JBoss Fuse
Issue
- Due to the results of a security check we need to restrict the cipher list.
- In the documentation we found the link here which doesn't cover this issue. Additionally we found this link.
- Per default a connector of type org.eclipse.jetty.server.nio.SelectChannelConnector could be found in jetty.xml.
- We wonder how this one was working to provide SSL. Does it implicitly use properties of org.ops4j.pax.web.cfg (like where the keystore is, what the password is)?
- To restrict ciphers we had to change the connector to type org.eclipse.jetty.server.ssl.SslSocketConnector to configure a SSLContextFactory including the cipher list.
- Now we do have to explicitly put in values for keystore, password etc. How can we use variables, the ones defined in org.ops4j.pax.web.cfg or even those we use there?
- Additionally we would like to know more about the port settings. Where does jetty.port come from? Using other ports in org.ops4j.pax.web.cfg does not deactivate this default port but enables another one in parallel?
In etc/org.ops4j.pax.web.cfg,
org.osgi.service.http.enabled=false
org.osgi.service.http.secure.enabled=true
org.osgi.service.http.port=8181
org.osgi.service.http.port.secure=8443
org.ops4j.pax.web.ssl.keystore=${keyStore}
org.ops4j.pax.web.ssl.password=${keyStorePassword}
org.ops4j.pax.web.ssl.keypassword=${keyStorePassword}
org.ops4j.pax.web.ssl.clientauthwanted=false
org.ops4j.pax.web.ssl.clientauthneeded=false
org.ops4j.pax.web.config.file=${base}/etc/jetty.xml
Environment
- Red Hat JBoss A-MQ
  - 6.0.0
- Red Hat JBoss Fuse
  - 6.0.0
