Author: cziegeler
Date: Fri Jul 24 08:54:34 2015
New Revision: 1692466
URL: http://svn.apache.org/r1692466
Log:
FELIX-4972 : Make SSL renegotiation configurable
Modified:
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
Modified:
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java
URL:
http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java?rev=1692466&r1=1692465&r2=1692466&view=diff
==============================================================================
---
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java
(original)
+++
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java
Fri Jul 24 08:54:34 2015
@@ -242,13 +242,16 @@ class ConfigMetaTypeProvider implements
2147483647,
null, null,
bundle.getBundleContext().getProperty(JettyConfig.FELIX_JETTY_EXCLUDED_PROTOCOLS)));
-
+
adList.add(new
AttributeDefinitionImpl(JettyConfig.FELIX_PROXY_LOAD_BALANCER_CONNECTION_ENABLE,
"Enable Proxy/Load Balancer Connection",
"Whether or not the Proxy/Load Balancer Connection is enabled.
Defaults to false thus disabled.",
false,
bundle.getBundleContext().getProperty(JettyConfig.FELIX_PROXY_LOAD_BALANCER_CONNECTION_ENABLE)));
+ adList.add(new
AttributeDefinitionImpl(JettyConfig.FELIX_JETTY_RENEGOTIATION_ALLOWED,
"Renegotiation allowed", "Whether TLS renegotiation is allowed (true by
default)",
+ true,
bundle.getBundleContext().getProperty(JettyConfig.FELIX_JETTY_RENEGOTIATION_ALLOWED)));
+
return new ObjectClassDefinition()
{
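Review bot: The metatype description for the new `FELIX_JETTY_RENEGOTIATION_ALLOWED` attribute says only "(true by default)", so an operator reading the configuration UI gets no hint of what switching it off does or when to do so. The default is `true` both here and in `JettyConfig.isRenegotiationAllowed()`, so existing behaviour is presumably preserved and hardening is opt-in, which is worth stating explicitly. I would word it like the neighbouring entry, e.g. `"Whether TLS renegotiation is allowed. Defaults to true; set to false to refuse renegotiation on the HTTPS connector."`. The enclosing method starts and ends outside this hunk.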
Modified:
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
URL:
http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java?rev=1692466&r1=1692465&r2=1692466&view=diff
==============================================================================
---
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
(original)
+++
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
Fri Jul 24 08:54:34 2015
@@ -106,13 +106,13 @@ public final class JettyConfig
/** Felix specific property to set the list of path exclusions for Web
Application Bundles */
public static final String FELIX_HTTP_PATH_EXCLUSIONS =
"org.apache.felix.http.path_exclusions";
- /** Felix specific property to configure the excluded cipher suites.
@deprecated use {@link #FELIX_JETTY_EXCLUDE_SUITES} instead. */
+ /** Felix specific property to configure the excluded cipher suites.
@deprecated use {@link #FELIX_JETTY_EXCLUDED_SUITES} instead. */
@Deprecated
public static final String FELIX_JETTY_EXCLUDED_SUITES_OLD =
"org.apache.felix.https.jetty.cipersuites.excluded";
/** Felix specific property to configure the excluded cipher suites */
public static final String FELIX_JETTY_EXCLUDED_SUITES =
"org.apache.felix.https.jetty.ciphersuites.excluded";
- /** Felix specific property to configure the included cipher suites.
@deprecated use {@link #FELIX_JETTY_INCLUDE_SUITES} instead. */
+ /** Felix specific property to configure the included cipher suites.
@deprecated use {@link #FELIX_JETTY_INCLUDED_SUITES} instead. */
@Deprecated
public static final String FELIX_JETTY_INCLUDED_SUITES_OLD =
"org.apache.felix.https.jetty.cipersuites.included";
/** Felix specific property to configure the included cipher suites. */
@@ -127,6 +127,9 @@ public final class JettyConfig
/** Felix specific property to configure the excluded protocols */
public static final String FELIX_JETTY_EXCLUDED_PROTOCOLS =
"org.apache.felix.https.jetty.protocols.excluded";
+ /** Felix specific properties to be able to disable renegotiation protocol
for TLSv1 */
+ public static final String FELIX_JETTY_RENEGOTIATION_ALLOWED =
"org.apache.felix.https.jetty.renegotiateAllowed";
+
/** Felix specific property to control whether to enable Proxy/Load
Balancer Connection */
public static final String FELIX_PROXY_LOAD_BALANCER_CONNECTION_ENABLE =
"org.apache.felix.proxy.load.balancer.connection.enable";
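Review bot: The Javadoc on `FELIX_JETTY_RENEGOTIATION_ALLOWED` says "properties" and "for TLSv1", but it documents a single property, and the JettyService hunk in this commit applies the value with no protocol check visible, so the TLSv1 restriction looks inaccurate. It also omits the type and the default. Suggested: `/** Felix specific property to control whether TLS renegotiation is allowed (boolean, defaults to true). */`. Separately, the key ends in `renegotiateAllowed` while the sibling keys in this hunk are dotted lower case (`protocols.excluded`); if that is not deliberate, it is cheaper to align it before the key ships.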
@@ -368,6 +371,10 @@ public final class JettyConfig
return getBooleanProperty(FELIX_PROXY_LOAD_BALANCER_CONNECTION_ENABLE,
false);
}
+ public boolean isRenegotiationAllowed() {
+ return getBooleanProperty(FELIX_JETTY_RENEGOTIATION_ALLOWED, true);
+ }
+
public void reset()
{
update(null);
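Review bot: `isRenegotiationAllowed()` is added without Javadoc and puts its opening brace on the signature line, while `reset()` directly below keeps the brace on its own line. I would match the file's style and document the fallback, e.g. `/** Returns whether TLS renegotiation is allowed; {@code true} when the property is not set. */` above the signature, with `{` on the next line. How `getBooleanProperty` treats a malformed value is not visible here, so it is worth confirming whether a typo such as "flase" falls back to `true`, since that would silently leave renegotiation enabled.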
Modified:
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
URL:
http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java?rev=1692466&r1=1692465&r2=1692466&view=diff
==============================================================================
---
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
(original)
+++
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
Fri Jul 24 08:54:34 2015
@@ -418,6 +418,8 @@ public final class JettyService extends
{
connector.setExcludeProtocols(this.config.getExcludedProtocols());
}
+
+
connector.setRenegotiationAllowed(this.config.isRenegotiationAllowed());
}
private void configureConnector(final ServerConnector connector, int port)
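Review bot: The new `connector.setRenegotiationAllowed(...)` call is applied unconditionally and silently, so after a configuration change nothing in the visible code lets an operator confirm which renegotiation policy is in effect. A short comment such as `// TLS renegotiation policy from org.apache.felix.https.jetty.renegotiateAllowed (default: allowed)` would help, and logging the effective value once during connector setup through the bundle's existing logger would make the hardening state auditable. The enclosing method starts outside this hunk.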