ssl
Description
Configures inbound or outbound SSL connections.
Can be used in
spring:beans, etcdBasedConfigurator, github, google, membrane, registration, serviceProxy, soapProxy, stompClient, stompProxy, swaggerProxy and target
Syntax
<ssl [algorithm="..."] [protocol="..."] [ciphers="..."] [clientAuth="..."]>
  <keystore location="..." [password="..."] [type="..."] [provider="..."] [keyPassword="..."] [keyAlias="..."] >?
  <truststore location="..." [password="..."] [type="..."] [provider="..."] [algorithm="..."] >?
</ssl>
Listing 1: ssl Syntax
Sample
Inbound Sample
This example is taken from examples/ssl-server. It demonstrates how to configure inbound SSL.
<serviceProxy port="443">
  <ssl>
    <keystore location="../../conf/membrane.jks" password="secret" keyPassword="secret" />
    <truststore location="../../conf/membrane.jks" password="secret" />
  </ssl>
  <wsdlRewriter protocol="https" />
  <target host="thomas-bayer.com" />
</serviceProxy>
Listing 23: Inbound ssl Example
Outbound Sample
This example is taken from examples/ssl-client. It demonstrates how to configure outbound SSL.
<serviceProxy port="8080">
  <path>/svn</path>
  <target host="predic8.com" port="443">
    <ssl />
  </target>
</serviceProxy>
Listing 23: Outbound ssl Example
Attributes
Name | Required | Default | Description | Example |
---|---|---|---|---|
algorithm | false | java default | getDefaultAlgorithm() | SunX509 |
ciphers | false | all system default ciphers | Space separated list of ciphers to allow. getSupportedCipherSuites() | TLS_ECDH_anon_WITH_RC4_128_SHA |
clientAuth | false | not set | Either not set (=no), or want or need. | need |
endpointIdentificationAlgorithm | false | HTTPS | See setEndpointIdentificationAlgorithm(). | |
ignoreTimestampCheckFailure | false | - | | |
protocol | false | TLS | SSLContext.getInstance() | |
protocols | false | TLS* | SSLSocket.setEnabledProtocols() | |
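
An added example, not part of the Membrane documentation or code base: a small audit script for the ssl attributes listed above. It flags suites in ciphers that are anonymous, NULL, export-grade, RC4, DES or MD5 based (the table's example value TLS_ECDH_anon_WITH_RC4_128_SHA is both anonymous and RC4), an endpointIdentificationAlgorithm other than the documented default HTTPS, and a keystore or truststore that still uses the sample password. The names audit_ssl, local, WEAK and SAMPLE, and the router wrapper element in the sample input, are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# JSSE suite-name fragments for anonymous, NULL, export, RC4, DES and MD5 suites.
WEAK = re.compile(r"_anon_|_NULL_|_EXPORT_|_RC4_|_DES_|_3DES_|_MD5$")
def local(tag):
    """Drop an XML namespace prefix such as {urn:example}ssl."""
    return tag.rsplit("}", 1)[-1]

def audit_ssl(xml_text):
    """Return (parent element, finding) pairs for every <ssl> element."""
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        for ssl in parent:
            if local(ssl.tag) != "ssl":
                continue
            where = local(parent.tag)
            # 'ciphers' is a space separated allow-list of suite names.
            for suite in ssl.get("ciphers", "").split():
                if WEAK.search(suite):
                    findings.append((where, "weak cipher " + suite))
            # The documented default is HTTPS; report any explicit override.
            eia = ssl.get("endpointIdentificationAlgorithm")
            if eia is not None and eia != "HTTPS":
                findings.append((where, "endpointIdentificationAlgorithm=%r" % eia))
            # The sample listings use password="secret"; flag it if it was kept.
            for store in ssl:
                for attr in ("password", "keyPassword"):
                    if store.get(attr) == "secret":
                        findings.append(
                            (where, "%s %s is the sample value" % (local(store.tag), attr)))
    return findings

# Constructed sample configuration, not taken from the Membrane distribution.
SAMPLE = """
<router>
  <serviceProxy port="443">
    <ssl ciphers="TLS_ECDH_anon_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256">
      <keystore location="../../conf/membrane.jks" password="secret" keyPassword="secret" />
    </ssl>
  </serviceProxy>
  <serviceProxy port="8080">
    <target host="predic8.com" port="443"><ssl endpointIdentificationAlgorithm="" /></target>
  </serviceProxy>
</router>
"""
if __name__ == "__main__":
    for where, finding in audit_ssl(SAMPLE):
        print(where, "->", finding)
```
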
Child Elements
Position | Cardinality | Description | Element |
---|---|---|---|
1 | 0..1 | | keystore |
2 | 0..1 | Used to manually compose the keystore. | key |
3 | 0..1 | | truststore |
4 | 0..1 | Used to manually compose the truststore. | trust |
More information
For more information, especially the context and definition of the terminology, see the Java Secure Socket Extension (JSSE) reference guide.