ssl

Description

Configures inbound or outbound SSL connections.

Can be used in

spring:beans, etcdBasedConfigurator, github, google, httpClientConfig, ldapUserDataProvider, membrane, proxy, registration, routerIpResolver, serviceProxy, soapProxy, stompClient, stompProxy, swaggerProxy and target

Syntax

				<ssl 
						[algorithm="..."] 
						[protocol="..."] 
						[ciphers="..."] 
						[clientAuth="..."]>
					<keystore   
							location="..." [password="..."] 
							[type="..."] [provider="..."] 
							[keyPassword="..."] [keyAlias="..."] >?
					<truststore 
							location="..." [password="..."] 
							[type="..."] [provider="..."] 
							[algorithm="..."] >?
				</ssl>
			
Listing 1: ssl Syntax

Sample

Inbound Sample

This example is taken from examples/ssl-server. It demonstrates how to configure inbound SSL.

				<serviceProxy port="443">
					<ssl>
						<keystore 
								location="../../conf/membrane.jks" 
								password="secret" keyPassword="secret" />
						<truststore 
								location="../../conf/membrane.jks" password="secret" />
					</ssl>
					<wsdlRewriter protocol="https" />
					<target host="thomas-bayer.com" />
				</serviceProxy>
			
Listing 2: Inbound ssl Example

Outbound Sample

This example is taken from examples/ssl-client. It demonstrates how to configure outbound SSL.

				<serviceProxy port="8080">
					<path>/svn</path>
					<target host="predic8.com" port="443">
						<ssl />
					</target>
				</serviceProxy>
			
Listing 3: Outbound ssl Example

Attributes

| Name | Required | Default | Description | Example |
| --- | --- | --- | --- | --- |
| algorithm | false | java default | getDefaultAlgorithm() | SunX509 |
| ciphers | false | all system default ciphers | Space separated list of ciphers to allow. getSupportedCipherSuites() | TLS_ECDH_anon_WITH_RC4_128_SHA |
| clientAuth | false | not set | Either not set (=no), or want or need. | need |
| endpointIdentificationAlgorithm | false | HTTPS | See setEndpointIdentificationAlgorithm(). | |
| ignoreTimestampCheckFailure | false | - | | |
| protocol | false | TLS | SSLContext.getInstance() | |
| protocols | false | TLS* | SSLSocket.setEnabledProtocols() | |
| serverName | false | same as target hostname | Setting the serverName tells Java to use SNI (http://www.rfc-base.org/txt/rfc-3546.txt) on outbound TLS connections, indicating to the TLS server which hostname the client wants to connect to. | |
| showSSLExceptions | false | true | Tells Membrane to show SSL exceptions in its log. | |
| useAsDefault | false | true | Whether to use the SSLContext built from this SSLParser when no SNI header was transmitted. | |
| useExperimentalHttp2 | false | false | Whether to enable receiving HTTP/2 requests. (experimental) | |
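
As an added example (not part of the Membrane documentation or code base), the following Python script audits a configuration for risky values of the attributes above: weak suites in ciphers (such as the anonymous RC4 suite shown in the Example column), legacy entries in protocols, clientAuth values other than want or need, and an endpointIdentificationAlgorithm that overrides the HTTPS default. The function names, marker lists and sample configuration are assumptions constructed for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Name fragments of JSSE cipher suites that lack authentication or encryption,
# or that rely on broken or legacy primitives (list chosen for this example).
WEAK_CIPHER_MARKERS = ("_anon_", "_NULL_", "_EXPORT_", "RC4", "_DES_", "3DES", "MD5")
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}


def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix, if any


def audit_ssl(xml_text):
    """Return (parent element, attribute, message) for each risky <ssl> setting."""
    findings = []
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    for el in root.iter():
        if local(el.tag) != "ssl":
            continue
        where = local(parents[el].tag) if el in parents else "(root)"
        for suite in el.get("ciphers", "").split():  # space separated, per the page
            hits = [m.strip("_") for m in WEAK_CIPHER_MARKERS if m in suite]
            if hits:
                findings.append((where, "ciphers", f"{suite}: {'/'.join(hits)}"))
        # Assumption: the separator for 'protocols' may be spaces or commas.
        for proto in re.split(r"[\s,]+", el.get("protocols", "").strip()):
            if proto in LEGACY_PROTOCOLS:
                findings.append((where, "protocols", f"{proto} is a legacy protocol"))
        auth = el.get("clientAuth")
        if auth is not None and auth not in ("want", "need"):
            findings.append((where, "clientAuth", f"'{auth}' is not want or need"))
        eia = el.get("endpointIdentificationAlgorithm")
        if eia is not None and eia != "HTTPS":
            findings.append((where, "endpointIdentificationAlgorithm", "not HTTPS"))
    return findings


# Constructed sample configuration, not taken from the Membrane distribution.
SAMPLE = """
<serviceProxy port="443">
  <ssl ciphers="TLS_ECDH_anon_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
       clientAuth="required" protocols="TLSv1 TLSv1.2" />
  <target host="thomas-bayer.com"><ssl endpointIdentificationAlgorithm="" /></target>
</serviceProxy>
"""

if __name__ == "__main__":
    print(*audit_ssl(SAMPLE), sep="\n")
```

The outbound sample from examples/ssl-client, with its bare `<ssl />`, produces no findings because every attribute keeps its documented default.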

Child Elements

| Position | Cardinality | Description | Element |
| --- | --- | --- | --- |
| 1 | 0..1 | | keystore |
| 2 | 0..1 | Used to manually compose the keystore. | key |
| 3 | 0..1 | Used to dynamically generate a key for the incoming connection on the fly. | keyGenerator |
| 4 | 0..1 | | truststore |
| 5 | 0..1 | Used to manually compose the truststore. | trust |

More information

For more information, especially the context and definition of the terminology, see the Java Secure Socket Extension (JSSE) reference guide.