ssl
Description
Configures inbound or outbound SSL connections.
Can be used in
spring:beans, api, bean, etcdBasedConfigurator, github, google, httpClientConfig, internalProxy, ldapUserDataProvider, membrane, proxy, proxy, registration, routerIpResolver, routerIpResolver, serviceProxy, soapProxy, stompClient, stompProxy, swaggerProxy and target
Syntax
<ssl [algorithm="..."] [protocol="..."] [ciphers="..."] [clientAuth="..."]> <keystore location="..." [password="..."] [type="..."] [provider="..."] [keyPassword="..."] [keyAlias="..."] >? <truststore location="..." [password="..."] [type="..."] [provider="..."] [algorithm="..."] >? </ssl>
Sample
Inbound Sample
This example is taken from examples/ssl-server. It demonstrates how to configure inbound SSL.
<serviceProxy port="443"> <ssl> <keystore location="../../conf/membrane.jks" password="secret" keyPassword="secret" /> <truststore location="../../conf/membrane.jks" password="secret" /> </ssl> <wsdlRewriter protocol="https" /> <target host="thomas-bayer.com" /> </serviceProxy>
Outbound Sample
This example is taken from examples/ssl-client. It demonstrates how to configure outbound SSL.
<serviceProxy port="8080"> <path>/svn</path> <target host="predic8.com" port="443"> <ssl /> </target> </serviceProxy>
Attributes
Name | Required | Default | Description | Example |
---|---|---|---|---|
algorithm | false | java default | getDefaultAlgorithm() | SunX509 |
ciphers | false | all system default ciphers | Space separated list of ciphers to allow. getSupportedCipherSuites() | TLS_ECDH_anon_WITH_RC4_128_SHA |
clientAuth | false | not set | Either not set (=no), or want or need . | need |
endpointIdentificationAlgorithm | false | HTTPS | See setEndpointIdentificationAlgorithm() . | |
ignoreTimestampCheckFailure | false | - | ||
protocol | false | TLS | SSLContext.getInstance() | |
protocols | false | TLS* | SSLSocket.setEnabledProtocols() | |
serverName | false | same as target hostname. | Setting the serverName tells Java to use the SNI (http://www.rfc-base.org/txt/rfc-3546.txt) on outbound TLS connections to indicate to the TLS server, which hostname the client wants to connect to. | |
showSSLExceptions | false | true | Tells Membrane to show SSL exceptions in its log | |
useAsDefault | false | true | whether to use the SSLContext built from this SSLParser when no SNI header was transmitted. | |
useExperimentalHttp2 | false | false | whether to enable receiving HTTP/2 requests. (experimental) |
Child Elements
Position | Cardinality | Description | Element |
---|---|---|---|
1 | 0..1 | keystore | |
2 | 0..1 | Used to manually compose the keystore. | key |
3 | 0..1 | Used to dynamically generate a key for the incoming connection on the fly. | keyGenerator |
4 | 0..1 | truststore | |
5 | 0..1 | Used to manually compose the truststore. | trust |
6 | 0..1 | acme |
More information
For more information, especially the context and definition of the terminology, see the Java Secure Socket Extension (JSSE) reference guide.