Diffstat (limited to 'jdisc_http_service')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java18
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java4
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java36
3 files changed, 20 insertions, 38 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
index 7a683b74656..140feb75026 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java
@@ -23,6 +23,7 @@ import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnectionStatistics;
import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.AbstractHandlerContainer;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.StatisticsHandler;
@@ -316,6 +317,7 @@ public class JettyHttpServer extends AbstractServerProvider {
public void start() {
try {
server.start();
+ logEffectiveSslConfiguration();
} catch (final Exception e) {
if (e instanceof IOException && e.getCause() instanceof BindException) {
throw new RuntimeException("Failed to start server due to BindExecption. ListenPorts = " + listenedPorts.toString(), e.getCause());
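Review bot: The new `logEffectiveSslConfiguration();` call sits inside the try whose catch block reports a server start failure, so an exception raised while only logging (for instance the connector cast inside the helper failing) would be reported as if `server.start()` had failed, even though the server is already up at that point. Keeping the diagnostic out of the start failure path is simpler: leave `server.start();` alone in the try and call `logEffectiveSslConfiguration();` as the first statement after the try/catch. The catch body of start() continues outside the hunk.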
@@ -324,6 +326,22 @@ public class JettyHttpServer extends AbstractServerProvider {
}
}
+ private void logEffectiveSslConfiguration() {
+ if (!server.isStarted()) throw new IllegalStateException();
+ for (Connector connector : server.getConnectors()) {
+ ServerConnector serverConnector = (ServerConnector) connector;
+ int localPort = serverConnector.getLocalPort();
+ var sslConnectionFactory = serverConnector.getConnectionFactory(SslConnectionFactory.class);
+ if (sslConnectionFactory != null) {
+ var sslContextFactory = sslConnectionFactory.getSslContextFactory();
+ log.info(String.format("Enabled SSL cipher suites for port '%d': %s",
+ localPort, Arrays.toString(sslContextFactory.getSelectedCipherSuites())));
+ log.info(String.format("Enabled SSL protocols for port '%d': %s",
+ localPort, Arrays.toString(sslContextFactory.getSelectedProtocols())));
+ }
+ }
+ }
+
@Override
public void close() {
try {
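Review bot: The unconditional cast `ServerConnector serverConnector = (ServerConnector) connector;` at the top of the loop throws ClassCastException for any connector that is not a ServerConnector, and because this runs right after startup that turns a logging-only helper into a startup failure. Guard it with `if (!(connector instanceof ServerConnector)) continue;` before the cast. The bare `throw new IllegalStateException();` would also be more useful with a message, e.g. `throw new IllegalStateException("Server must be started before logging effective SSL configuration");`. A one-line Javadoc stating that the method logs, per local port, the cipher suites and protocols the SslContextFactory reports as selected, as a record of the effective TLS configuration, would help readers of the log and of the code.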
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
index b2e7ba1be67..90848f1dfd4 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
@@ -70,12 +70,12 @@ public class ConfiguredSslContextFactoryProvider implements SslContextFactoryPro
List<String> protocols = !sslConfig.enabledProtocols().isEmpty()
? sslConfig.enabledProtocols()
- : new ArrayList<>(TlsContext.ALLOWED_PROTOCOLS);
+ : new ArrayList<>(TlsContext.getAllowedProtocols(sslContext));
setEnabledProtocols(factory, sslContext, protocols);
List<String> ciphers = !sslConfig.enabledCipherSuites().isEmpty()
? sslConfig.enabledCipherSuites()
- : new ArrayList<>(TlsContext.ALLOWED_CIPHER_SUITES);
+ : new ArrayList<>(TlsContext.getAllowedCipherSuites(sslContext));
setEnabledCipherSuites(factory, sslContext, ciphers);
return factory;
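Review bot: A short comment on the two replaced default expressions would help readers: the defaults now come from `TlsContext.getAllowedProtocols(sslContext)` and `TlsContext.getAllowedCipherSuites(sslContext)` rather than fixed constants, presumably so that the default list is narrowed to what the given SSLContext supports — confirm that this is the intent and state it, e.g. `// Defaults are derived from the SSLContext so only protocols/ciphers it supports are enabled`. Explicitly configured lists from sslConfig are still passed through unchanged here; whether setEnabledProtocols and setEnabledCipherSuites validate them against the context is not visible in this hunk. The enclosing method begins and ends outside the hunk.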
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java
deleted file mode 100644
index 4d3bb4a280a..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl.impl;
-
-import org.eclipse.jetty.util.resource.Resource;
-import org.eclipse.jetty.util.security.CertificateUtils;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-import java.security.KeyStore;
-import java.util.Objects;
-
-/**
- * A modified {@link SslContextFactory} that allows passwordless truststore in combination with password protected keystore.
- *
- * @author bjorncs
- */
-class JDiscSslContextFactory extends SslContextFactory.Server {
-
- private String trustStorePassword;
-
- @Override
- public void setTrustStorePassword(String password) {
- super.setTrustStorePassword(password);
- this.trustStorePassword = password;
- }
-
-
- // Overriden to stop Jetty from using the keystore password if no truststore password is specified.
- @Override
- protected KeyStore loadTrustStore(Resource resource) throws Exception {
- return CertificateUtils.getKeyStore(
- resource != null ? resource : getKeyStoreResource(),
- Objects.toString(getTrustStoreType(), getKeyStoreType()),
- Objects.toString(getTrustStoreProvider(), getKeyStoreProvider()),
- trustStorePassword);
- }
-}