SSL configuration for web console, Ports and Ciphers, Usage of Variables in JBoss Fuse
Issue
- Due to the results of a security check we need to restrict the cipher list.
- In the documentation we found the link here which doesn't cover this issue. Additionally we found this link.
- By default a connector of type org.eclipse.jetty.server.nio.SelectChannelConnector can be found in jetty.xml.
- We wonder how this one was working to provide SSL. Does it implicitly use properties of org.ops4j.pax.web.cfg (like where the keystore is, what the password is)?
- To restrict ciphers we had to change the connector to type org.eclipse.jetty.server.ssl.SslSocketConnector to configure a SSLContextFactory including the cipher list.
- Now we have to explicitly put in values for keystore, password etc. How can we use variables, such as those defined in org.ops4j.pax.web.cfg or even those we use there?
- Additionally we would like to know more about the port settings. Where does jetty.port come from? Using other ports in org.ops4j.pax.web.cfg does not deactivate this default port but enables another one in parallel?
In etc/org.ops4j.pax.web.cfg:
org.osgi.service.http.enabled=false
org.osgi.service.http.secure.enabled=true
org.osgi.service.http.port=8181
org.osgi.service.http.port.secure=8443
org.ops4j.pax.web.ssl.keystore=${keyStore}
org.ops4j.pax.web.ssl.password=${keyStorePassword}
org.ops4j.pax.web.ssl.keypassword=${keyStorePassword}
org.ops4j.pax.web.ssl.clientauthwanted=false
org.ops4j.pax.web.ssl.clientauthneeded=false
org.ops4j.pax.web.config.file=${base}/etc/jetty.xml
Environment
- Red Hat JBoss A-MQ
  - 6.0.0
- Red Hat JBoss Fuse
  - 6.0.0