1:41 a.m.
I'm trying to replace Jetty 7 with with Undertow 1.3.11.Final. In Jetty 7
I was able to create an
org.eclipse.jetty.util.ssl.SslContextFactory that let me:
1. determine if client auth is needed, allowed or required
2. disable sslv3
3. enable only certain ciphers
Looking at undertow I see that I can use Undertow.addHttpsListener with an
SSLContext but I don't see how set client auth, ciphers, etc.
Any help would be greatly appreciated.
Thanks
Marc Boorshtein
CTO Tremolo Security
marc.boorshtein(a)tremolosecurity.com
<marc.boorshtein(a)tremolosecurity.com>
1:49 a.m.
You control this via XNIO Options (e.g. org.xnio.Options#SSL_CLIENT_AUTH_MODE).
You can specify them using io.undertow.Undertow.Builder#setSocketOption
In your case you need:
SSL_CLIENT_AUTH_MODE: controls client auth
SSL_ENABLED_PROTOCOLS: control allows SSL/TLS versions
SSL_ENABLED_CIPHER_SUITES: control ciphers
Stuart
----- Original Message -----
From: "Marc Boorshtein"
<marc.boorshtein(a)tremolosecurity.com>
To: "undertow-dev@lists jboss. org" <undertow-dev(a)lists.jboss.org>
Sent: Friday, 8 January, 2016 4:41:40 PM
Subject: [undertow-dev] Help embedding undertow and TLS
I'm trying to replace Jetty 7 with with Undertow 1.3.11.Final. In Jetty 7 I
was able to create an
org.eclipse.jetty.util.ssl.SslContextFactory that let me:
1. determine if client auth is needed, allowed or required
2. disable sslv3
3. enable only certain ciphers
Looking at undertow I see that I can use Undertow.addHttpsListener with an
SSLContext but I don't see how set client auth, ciphers, etc.
Any help would be greatly appreciated.
Thanks
Marc Boorshtein
CTO Tremolo Security
marc.boorshtein(a)tremolosecurity.com
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev
3269
days inactive
3275
days old
1 comments
2 participants
participants (2)
-
Marc Boorshtein -
Stuart Douglas