RE: Pax-Web - org.ops4j.pax.web.ssl.ciphersuites.excluded

Mon, 18 Jul 2022 06:28:46 -0700 

No I have not. But if you are using jetty you can redirect the socket 
configuration to the Jetty settings xml.

Add to org.ops4j.pax.web.cfg:

org.ops4j.pax.web.config.file = ${karaf.etc}/settings.xml

Within the xml you can declare and setup the Jetty beans:

        <New id="wansslContextFactory" 
class="org.eclipse.jetty.util.ssl.SslContextFactory">
            <Set name="KeyStorePath">
                <SystemProperty name="karaf.home"/>/etc/keystore/xyz.jks
            </Set>
            <Set name="KeyStorePassword">xxx</Set>
            <Set name="KeyManagerPassword">xxx</Set>
            <Set name="EndpointIdentificationAlgorithm"></Set>
            <Set name="NeedClientAuth">
                <Property name="jetty.ssl.needClientAuth" default="false"/>
            </Set>
            <Set name="WantClientAuth">
                <Property name="jetty.ssl.wantClientAuth" default="false"/>
            </Set>
            <!-- Disable SSLv3 to protect against POODLE bug -->
            <Set name="ExcludeProtocols">
                <Array type="java.lang.String">
                    <Item>SSLv3</Item>
                </Array>
            </Set>
            <Set name="ExcludeCipherSuites">
                <Array type="String">
                    <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
                    <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
...
                </Array>
            </Set>
        </New>



Has anyone used Pax-Web settings

org.ops4j.pax.web.ssl.ciphersuites.excluded=
org.ops4j.pax.web.ssl.ciphersuites.included=

? I've tried, for example, to exclude all ciphers with

org.ops4j.pax.web.ssl.ciphersuites.excluded=.*

but it doesn't seem to have an effect.




Al onze verrichtingen geschieden op basis van de Algemene voorwaarden der 
Expediteurs van België, gepubliceerd in de bijlage tot het Belgisch Staatsblad 
dd. 24 juni 2005 onder nr. 0090237. De tekst van deze voorwaarden wordt op uw 
verzoek gratis toegezonden.
All our transactions are subject to the General Conditions of the Belgian 
Forwarders Association which have been published under nr. 0090237 in the 
"Bijlage tot het Belgisch Staatsblad" dated June 24th, 2005, and is available 
free of charge upon request.
Toutes nos opérations se font sur base des Conditions Générales des Expéditeurs 
de Belgique. Le texte en a été publié dans l' Annexe au Moniteur Belge du 24 
juin 2005 sous le n° 0090237. Ce texte sera vous envoyé gratuitment sur demande.
Email confidentiality notice:
This email and any files transmitted with it are confidential and intended only 
for the use of the recipient. If you have received this email in error please 
notify its sender.

Reply via email to