You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@felix.apache.org by cz...@apache.org on 2015/07/24 10:54:34 UTC
svn commit: r1692466 - in
/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal:
ConfigMetaTypeProvider.java JettyConfig.java JettyService.java
Author: cziegeler
Date: Fri Jul 24 08:54:34 2015
New Revision: 1692466
URL: http://svn.apache.org/r1692466
Log:
FELIX-4972 : Make SSL renegotiation configurable
Modified:
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
Modified: felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java?rev=1692466&r1=1692465&r2=1692466&view=diff
==============================================================================
--- felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java (original)
+++ felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java Fri Jul 24 08:54:34 2015
@@ -242,13 +242,16 @@ class ConfigMetaTypeProvider implements
2147483647,
null, null,
bundle.getBundleContext().getProperty(JettyConfig.FELIX_JETTY_EXCLUDED_PROTOCOLS)));
-
+
adList.add(new AttributeDefinitionImpl(JettyConfig.FELIX_PROXY_LOAD_BALANCER_CONNECTION_ENABLE,
"Enable Proxy/Load Balancer Connection",
"Whether or not the Proxy/Load Balancer Connection is enabled. Defaults to false thus disabled.",
false,
bundle.getBundleContext().getProperty(JettyConfig.FELIX_PROXY_LOAD_BALANCER_CONNECTION_ENABLE)));
+ adList.add(new AttributeDefinitionImpl(JettyConfig.FELIX_JETTY_RENEGOTIATION_ALLOWED, "Renegotiation allowed", "Whether TLS renegotiation is allowed (true by default)",
+ true, bundle.getBundleContext().getProperty(JettyConfig.FELIX_JETTY_RENEGOTIATION_ALLOWED)));
+
return new ObjectClassDefinition()
{
Modified: felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java?rev=1692466&r1=1692465&r2=1692466&view=diff
==============================================================================
--- felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java (original)
+++ felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java Fri Jul 24 08:54:34 2015
@@ -106,13 +106,13 @@ public final class JettyConfig
/** Felix specific property to set the list of path exclusions for Web Application Bundles */
public static final String FELIX_HTTP_PATH_EXCLUSIONS = "org.apache.felix.http.path_exclusions";
- /** Felix specific property to configure the excluded cipher suites. @deprecated use {@link #FELIX_JETTY_EXCLUDE_SUITES} instead. */
+ /** Felix specific property to configure the excluded cipher suites. @deprecated use {@link #FELIX_JETTY_EXCLUDED_SUITES} instead. */
@Deprecated
public static final String FELIX_JETTY_EXCLUDED_SUITES_OLD = "org.apache.felix.https.jetty.cipersuites.excluded";
/** Felix specific property to configure the excluded cipher suites */
public static final String FELIX_JETTY_EXCLUDED_SUITES = "org.apache.felix.https.jetty.ciphersuites.excluded";
- /** Felix specific property to configure the included cipher suites. @deprecated use {@link #FELIX_JETTY_INCLUDE_SUITES} instead. */
+ /** Felix specific property to configure the included cipher suites. @deprecated use {@link #FELIX_JETTY_INCLUDED_SUITES} instead. */
@Deprecated
public static final String FELIX_JETTY_INCLUDED_SUITES_OLD = "org.apache.felix.https.jetty.cipersuites.included";
/** Felix specific property to configure the included cipher suites. */
@@ -127,6 +127,9 @@ public final class JettyConfig
/** Felix specific property to configure the excluded protocols */
public static final String FELIX_JETTY_EXCLUDED_PROTOCOLS = "org.apache.felix.https.jetty.protocols.excluded";
+ /** Felix specific properties to be able to disable renegotiation protocol for TLSv1 */
+ public static final String FELIX_JETTY_RENEGOTIATION_ALLOWED = "org.apache.felix.https.jetty.renegotiateAllowed";
+
/** Felix specific property to control whether to enable Proxy/Load Balancer Connection */
public static final String FELIX_PROXY_LOAD_BALANCER_CONNECTION_ENABLE = "org.apache.felix.proxy.load.balancer.connection.enable";
@@ -368,6 +371,10 @@ public final class JettyConfig
return getBooleanProperty(FELIX_PROXY_LOAD_BALANCER_CONNECTION_ENABLE, false);
}
+ public boolean isRenegotiationAllowed() {
+ return getBooleanProperty(FELIX_JETTY_RENEGOTIATION_ALLOWED, true);
+ }
+
public void reset()
{
update(null);
Modified: felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java?rev=1692466&r1=1692465&r2=1692466&view=diff
==============================================================================
--- felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java (original)
+++ felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java Fri Jul 24 08:54:34 2015
@@ -418,6 +418,8 @@ public final class JettyService extends
{
connector.setExcludeProtocols(this.config.getExcludedProtocols());
}
+
+ connector.setRenegotiationAllowed(this.config.isRenegotiationAllowed());
}
private void configureConnector(final ServerConnector connector, int port)