Log effective SSL setup on JDisc startup

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-12-04 17:27:37 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-12-04 17:53:49 +0100
commit: 0f0149ec0e74ad8f2178f1869645ba7fb595bcab (patch)
tree: 749bc1a698c71c4fd10106901e7f011e8bf0ec8a /jdisc_http_service
parent: 7d88e2d95d697fdaa4a689942e14e9e60b5cb9e8 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
index 7a683b74656..140feb75026 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
@@ -23,6 +23,7 @@ import org.eclipse.jetty.server.Handler;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnectionStatistics;
 import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
 import org.eclipse.jetty.server.handler.AbstractHandlerContainer;
 import org.eclipse.jetty.server.handler.HandlerCollection;
 import org.eclipse.jetty.server.handler.StatisticsHandler;
@@ -316,6 +317,7 @@ public class JettyHttpServer extends AbstractServerProvider {
     public void start() {
         try {
             server.start();
+            logEffectiveSslConfiguration();
         } catch (final Exception e) {
             if (e instanceof IOException && e.getCause() instanceof BindException) {
                 throw new RuntimeException("Failed to start server due to BindExecption. ListenPorts = " + listenedPorts.toString(), e.getCause());
@@ -324,6 +326,22 @@ public class JettyHttpServer extends AbstractServerProvider {
         }
     }
 
+    private void logEffectiveSslConfiguration() {
+        if (!server.isStarted()) throw new IllegalStateException();
+        for (Connector connector : server.getConnectors()) {
+            ServerConnector serverConnector = (ServerConnector) connector;
+            int localPort = serverConnector.getLocalPort();
+            var sslConnectionFactory = serverConnector.getConnectionFactory(SslConnectionFactory.class);
+            if (sslConnectionFactory != null) {
+                var sslContextFactory = sslConnectionFactory.getSslContextFactory();
+                log.info(String.format("Enabled SSL cipher suites for port '%d': %s",
+                                       localPort, Arrays.toString(sslContextFactory.getSelectedCipherSuites())));
+                log.info(String.format("Enabled SSL protocols for port '%d': %s",
+                                       localPort, Arrays.toString(sslContextFactory.getSelectedProtocols())));
+            }
+        }
+    }
+
     @Override
     public void close() {
         try {
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-12-04 17:27:37 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-12-04 17:53:49 +0100
commit	0f0149ec0e74ad8f2178f1869645ba7fb595bcab (patch)
tree	749bc1a698c71c4fd10106901e7f011e8bf0ec8a /jdisc_http_service
parent	7d88e2d95d697fdaa4a689942e14e9e60b5cb9e8 (diff)