SSL configuration for web console, Ports and Ciphers, Usage of Variables in JBoss Fuse

Solution Unverified - Updated -

Issue

  • Due to the results of a security check, we need to restrict the cipher list.
  • In the documentation we found the link here which doesn't cover this issue. Additionally we found this link.

  • By default, a connector of type org.eclipse.jetty.server.nio.SelectChannelConnector can be found in jetty.xml.

  • We wonder how this one was working to provide SSL. Does it implicitly use properties of org.ops4j.pax.web.cfg (like where the keystore is and what the password is)?

  • To restrict ciphers, we had to change the connector to type org.eclipse.jetty.server.ssl.SslSocketConnector to configure an SSLContextFactory including a cipher list.
  • Now we have to explicitly put in values for the keystore, password, etc. How can we use variables, such as the ones defined in org.ops4j.pax.web.cfg or even those we use there?

  • Additionally we would like to know more about the port settings. Where does jetty.port come from? Using other ports in org.ops4j.pax.web.cfg does not deactivate this default port but enables another one in parallel?

In etc/org.ops4j.pax.web.cfg,

org.osgi.service.http.enabled=false
org.osgi.service.http.secure.enabled=true
org.osgi.service.http.port=8181
org.osgi.service.http.port.secure=8443

org.ops4j.pax.web.ssl.keystore=${keyStore}
org.ops4j.pax.web.ssl.password=${keyStorePassword}
org.ops4j.pax.web.ssl.keypassword=${keyStorePassword}
org.ops4j.pax.web.ssl.clientauthwanted=false
org.ops4j.pax.web.ssl.clientauthneeded=false

org.ops4j.pax.web.config.file=${base}/etc/jetty.xml

Environment

  • Red Hat JBoss A-MQ
    • 6.0.0
  • Red Hat JBoss Fuse
    • 6.0.0
