FELIX-4674 Applying extended patch by Dominique Pfister (thanks alot)

The extension to the patch is the addition of support for listing included protocols
and more detail in the metatype descriptions.


git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@1633120 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
index 6f2e6ec..568283b 100644
--- a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
+++ b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
@@ -127,6 +127,12 @@
     /** Felix specific property to specify whether a server header should be sent (defaults to true) */
     public static final String FELIX_JETTY_SEND_SERVER_HEADER = "org.apache.felix.http.jetty.sendServerHeader";
 
+    /** Felix specific property to configure the included protocols */
+    public static final String FELIX_JETTY_INCLUDED_PROTOCOLS = "org.apache.felix.https.jetty.protocols.included";
+
+    /** Felix specific property to configure the excluded protocols */
+    public static final String FELIX_JETTY_EXCLUDED_PROTOCOLS = "org.apache.felix.https.jetty.protocols.excluded";
+
     private static String validateContextPath(String ctxPath)
     {
         // undefined, empty, or root context path
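Review bot: The Javadoc on `FELIX_JETTY_INCLUDED_PROTOCOLS` and `FELIX_JETTY_EXCLUDED_PROTOCOLS` does not say what a value looks like or how the two properties interact. The metatype text added in this same commit states that a protocol listed in both properties is excluded, and that information belongs next to the constants as well. For the first constant, `/** Felix specific property listing the SSL/TLS protocol names (e.g. TLSv1.2) to enable on the HTTPS connector */` would do. For the second, `/** Felix specific property listing the SSL/TLS protocol names to disable; wins over the included list */`.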
@@ -197,6 +203,16 @@
         return getStringArrayProperty(FELIX_JETTY_EXCLUDED_SUITES, getStringArrayProperty(FELIX_JETTY_EXCLUDED_SUITES_OLD, null));
     }
 
+    public String[] getIncludedProtocols()
+    {
+        return getStringArrayProperty(FELIX_JETTY_INCLUDED_PROTOCOLS, null);
+    }
+
+    public String[] getExcludedProtocols()
+    {
+        return getStringArrayProperty(FELIX_JETTY_EXCLUDED_PROTOCOLS, null);
+    }
+
     public int getHeaderSize()
     {
         return getIntProperty(FELIX_JETTY_HEADER_BUFFER_SIZE, 16 * 1024);
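Review bot: `getIncludedProtocols()` and `getExcludedProtocols()` have no Javadoc, and the `null` passed as second argument to `getStringArrayProperty` suggests they return null when the property is unset, which every caller has to know. A line such as `/** Returns the configured protocol names to exclude, or null if the property is not set. */` on each getter would make that contract explicit. `getStringArrayProperty` is not visible in this hunk. If it does not trim entries, a value with stray whitespace would match no protocol name and an intended exclusion would silently not take effect, so that is worth confirming.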
diff --git a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
index c0b7459..db48734 100644
--- a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
+++ b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
@@ -383,6 +383,16 @@
         {
             connector.setIncludeCipherSuites(this.config.getIncludedCipherSuites());
         }
+
+        if (this.config.getIncludedProtocols() != null)
+        {
+            connector.getSslContextFactory().setIncludeProtocols(this.config.getIncludedProtocols());
+        }
+
+        if (this.config.getExcludedProtocols() != null)
+        {
+            connector.getSslContextFactory().setExcludeProtocols(this.config.getExcludedProtocols());
+        }
     }
 
     private void configureConnector(final Connector connector, int port)
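Review bot: In Jetty's `SslContextFactory`, `setExcludeProtocols(...)` replaces the current exclusion list rather than extending it. On a Jetty version that ships default exclusions, configuring a single unrelated protocol here would drop those defaults. `connector.getSslContextFactory().addExcludeProtocols(this.config.getExcludedProtocols());` keeps them, assuming the bundled Jetty provides that method. When neither property is set, nothing is restricted, so legacy protocols such as SSLv3 stay available wherever the platform enables them. Defaulting the excluded list to SSLv3, or at least adding a comment like `// no protocol is excluded unless configured`, would make that visible. Each getter is also called twice per branch; reading it once into a local (`final String[] excluded = this.config.getExcludedProtocols();`) avoids the second property lookup. The enclosing method starts outside this hunk.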
diff --git a/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties b/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties
index 27ddb79..b9cba6c 100644
--- a/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties
+++ b/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties
@@ -142,5 +142,20 @@
 org.apache.felix.https.jetty.cipersuites.included.description = List of cipher \
   suites that should be included. Default is none.
 
+org.apache.felix.https.jetty.protocols.included.name = Included protocols
+org.apache.felix.https.jetty.protocols.included.description = List of SSL protocols \
+  to include by default. Protocols may be any supported by the Java \
+  platform such as SSLv2Hello, SSLv3, TLSv1, TLSv1.1, or TLSv1.2. Any \
+  listed protocl not supported is silently ignored. Default \
+  is none assuming to use any protocol enabled and supported on the platform.
+  
+org.apache.felix.https.jetty.protocols.excluded.name = Excluded protocols
+org.apache.felix.https.jetty.protocols.excluded.description = List of SSL protocols \
+  to exclude. This property further restricts the enabled protocols by \
+  explicitly disabling.  Any protocol listed in both this property and the \
+  Included protocols property is excluded. Default is none such as to \
+  accept all protocols enabled on platform or explicitly listed by the \
+  Included protocols property.
+
 org.apache.felix.http.jetty.sendServerHeader.name = Send Server Header
 org.apache.felix.http.jetty.sendServerHeader.description = If enabled, the server header is sent.
\ No newline at end of file
diff --git a/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml b/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml
index 8d2df36..30340b7 100644
--- a/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml
+++ b/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml
@@ -49,6 +49,8 @@
         <AD id="org.apache.felix.https.jetty.cipersuites.excluded" type="String" cardinality="2147483647" name="%org.apache.felix.https.jetty.cipersuites.excluded.name" description="%org.apache.felix.https.jetty.cipersuites.excluded.description"/>
         <AD id="org.apache.felix.https.jetty.cipersuites.included" type="String" cardinality="2147483647" name="%org.apache.felix.https.jetty.cipersuites.included.name" description="%org.apache.felix.https.jetty.cipersuites.included.description"/>
         <AD id="org.apache.felix.http.jetty.sendServerHeader" type="Boolean" default="true" name="%org.apache.felix.http.jetty.sendServerHeader.name" description="%org.apache.felix.http.jetty.sendServerHeader.description"/>
+        <AD id="org.apache.felix.https.jetty.protocols.included" type="String" cardinality="2147483647" name="%org.apache.felix.https.jetty.protocols.included.name" description="%org.apache.felix.https.jetty.protocols.included.description"/>
+        <AD id="org.apache.felix.https.jetty.protocols.excluded" type="String" cardinality="2147483647" name="%org.apache.felix.https.jetty.protocols.excluded.name" description="%org.apache.felix.https.jetty.protocols.excluded.description"/>
     </OCD>
     <Designate pid="org.apache.felix.http">
         <Object ocdref="org.apache.felix.http"/>