Java Code Examples for org.eclipse.jetty.util.ssl.SslContextFactory#setIncludeCipherSuites()
The following examples show how to use
org.eclipse.jetty.util.ssl.SslContextFactory#setIncludeCipherSuites() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: JettyWebServer.java From Doradus with Apache License 2.0 | 6 votes |
|
private ServerConnector createSSLConnector() {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(m_keystore);
sslContextFactory.setKeyStorePassword(m_keystorepassword);
sslContextFactory.setTrustStorePath(m_truststore);
sslContextFactory.setTrustStorePassword(m_truststorepassword);
sslContextFactory.setNeedClientAuth(m_clientauthentication);
sslContextFactory.setIncludeCipherSuites(m_tls_cipher_suites);
HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
SslConnectionFactory sslConnFactory = new SslConnectionFactory(sslContextFactory, "http/1.1");
HttpConnectionFactory httpConnFactory = new HttpConnectionFactory(https_config);
ServerConnector sslConnector = new ServerConnector(m_jettyServer, sslConnFactory, httpConnFactory);
return sslConnector;
}
Example 2
| Source File: SSLUtils.java From kop with Apache License 2.0 | 5 votes |
|
/**
* Configures Protocol, Algorithm and Provider related settings in SslContextFactory.
*/
protected static void configureSslContextFactoryAlgorithms(SslContextFactory ssl,
Map<String, Object> sslConfigValues) {
Set<String> sslEnabledProtocols =
(Set<String>) getOrDefault(
sslConfigValues,
SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG,
Arrays.asList(SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS.split("\\s*,\\s*")));
ssl.setIncludeProtocols(sslEnabledProtocols.toArray(new String[sslEnabledProtocols.size()]));
String sslProvider = (String) sslConfigValues.get(SslConfigs.SSL_PROVIDER_CONFIG);
if (sslProvider != null) {
ssl.setProvider(sslProvider);
}
ssl.setProtocol(
(String) getOrDefault(sslConfigValues, SslConfigs.SSL_PROTOCOL_CONFIG, SslConfigs.DEFAULT_SSL_PROTOCOL));
Set<String> sslCipherSuites = (Set<String>) sslConfigValues.get(SslConfigs.SSL_CIPHER_SUITES_CONFIG);
if (sslCipherSuites != null) {
ssl.setIncludeCipherSuites(sslCipherSuites.toArray(new String[sslCipherSuites.size()]));
}
ssl.setKeyManagerFactoryAlgorithm((String) getOrDefault(
sslConfigValues,
SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG,
SslConfigs.DEFAULT_SSL_KEYMANGER_ALGORITHM));
String sslSecureRandomImpl = (String) sslConfigValues.get(SslConfigs.SSL_SECURE_RANDOM_IMPLEMENTATION_CONFIG);
if (sslSecureRandomImpl != null) {
ssl.setSecureRandomAlgorithm(sslSecureRandomImpl);
}
ssl.setTrustManagerFactoryAlgorithm((String) getOrDefault(
sslConfigValues,
SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG,
SslConfigs.DEFAULT_SSL_TRUSTMANAGER_ALGORITHM));
}
Example 3
| Source File: HttpServerExtension.java From kareldb with Apache License 2.0 | 4 votes |
|
private static SslContextFactory createSslContextFactory(KarelDbConfig config) {
SslContextFactory sslContextFactory = new SslContextFactory();
if (!config.getString(KarelDbConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) {
sslContextFactory.setKeyStorePath(
config.getString(KarelDbConfig.SSL_KEYSTORE_LOCATION_CONFIG)
);
sslContextFactory.setKeyStorePassword(
config.getPassword(KarelDbConfig.SSL_KEYSTORE_PASSWORD_CONFIG).value()
);
sslContextFactory.setKeyManagerPassword(
config.getPassword(KarelDbConfig.SSL_KEY_PASSWORD_CONFIG).value()
);
sslContextFactory.setKeyStoreType(
config.getString(KarelDbConfig.SSL_KEYSTORE_TYPE_CONFIG)
);
if (!config.getString(KarelDbConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG).isEmpty()) {
sslContextFactory.setKeyManagerFactoryAlgorithm(
config.getString(KarelDbConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG));
}
}
configureClientAuth(config, sslContextFactory);
List<String> enabledProtocols = config.getList(KarelDbConfig.SSL_ENABLED_PROTOCOLS_CONFIG);
if (!enabledProtocols.isEmpty()) {
sslContextFactory.setIncludeProtocols(enabledProtocols.toArray(new String[0]));
}
List<String> cipherSuites = config.getList(KarelDbConfig.SSL_CIPHER_SUITES_CONFIG);
if (!cipherSuites.isEmpty()) {
sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0]));
}
sslContextFactory.setEndpointIdentificationAlgorithm(
config.getString(KarelDbConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG));
if (!config.getString(KarelDbConfig.SSL_TRUSTSTORE_LOCATION_CONFIG).isEmpty()) {
sslContextFactory.setTrustStorePath(
config.getString(KarelDbConfig.SSL_TRUSTSTORE_LOCATION_CONFIG)
);
sslContextFactory.setTrustStorePassword(
config.getPassword(KarelDbConfig.SSL_TRUSTSTORE_PASSWORD_CONFIG).value()
);
sslContextFactory.setTrustStoreType(
config.getString(KarelDbConfig.SSL_TRUSTSTORE_TYPE_CONFIG)
);
if (!config.getString(KarelDbConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG).isEmpty()) {
sslContextFactory.setTrustManagerFactoryAlgorithm(
config.getString(KarelDbConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG)
);
}
}
sslContextFactory.setProtocol(config.getString(KarelDbConfig.SSL_PROTOCOL_CONFIG));
if (!config.getString(KarelDbConfig.SSL_PROVIDER_CONFIG).isEmpty()) {
sslContextFactory.setProtocol(config.getString(KarelDbConfig.SSL_PROVIDER_CONFIG));
}
sslContextFactory.setRenegotiationAllowed(false);
return sslContextFactory;
}
Example 4
| Source File: HttpsConnectorGenerator.java From dremio-oss with Apache License 2.0 | 4 votes |
|
/**
* Create an HTTPS connector for given jetty server instance. If the config has specified keystore/truststore settings
* they will be used else a self-signed certificate is generated and used.
*
* @param hostName hostname
* @param config {@link DremioConfig} containing SSL related settings if any.
* @param embeddedJetty Jetty server instance needed for creating a ServerConnector.
* @return Initialized {@link ServerConnector} for HTTPS connections and the trust store. Trust store is non-null only
* when in case of auto generated self-signed certificate.
* @throws Exception
*/
public Pair<ServerConnector, KeyStore> createHttpsConnector(
final Server embeddedJetty,
final DremioConfig config,
final String hostName,
final String... alternativeNames
) throws Exception {
logger.info("Setting up HTTPS connector for web server");
final SSLConfigurator configurator = new SSLConfigurator(config, DremioConfig.WEB_SSL_PREFIX, "web");
final Optional<SSLConfig> sslConfigOption = configurator.getSSLConfig(true, hostName, alternativeNames);
Preconditions.checkState(sslConfigOption.isPresent()); // caller's responsibility
final SSLConfig sslConfig = sslConfigOption.get();
final KeyStore keyStore = KeyStore.getInstance(sslConfig.getKeyStoreType());
try (InputStream stream = Files.newInputStream(Paths.get(sslConfig.getKeyStorePath()))) {
keyStore.load(stream, sslConfig.getKeyStorePassword().toCharArray());
}
KeyStore trustStore = null;
//noinspection StringEquality
if (sslConfig.getTrustStorePath() != SSLConfig.UNSPECIFIED) {
trustStore = KeyStore.getInstance(sslConfig.getTrustStoreType());
try (InputStream stream = Files.newInputStream(Paths.get(sslConfig.getTrustStorePath()))) {
trustStore.load(stream, sslConfig.getTrustStorePassword().toCharArray());
}
}
final SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyManagerPassword(sslConfig.getKeyPassword());
// TODO(DX-12920): sslContextFactory.setKeyStorePassword(sslConfig.getKeyStorePassword());
sslContextFactory.setTrustStore(trustStore);
final String[] enabledCiphers;
final String customCipherSuite = System.getProperty(DREMIO_SSL_CIPHERSUITE_OVERRIDE);
if (customCipherSuite != null) {
logger.info("Using custom cipher list for web server");
enabledCiphers = Splitter.on(",")
.trimResults()
.omitEmptyStrings()
.splitToList(customCipherSuite)
.toArray(new String[0]);
logger.info("Selected cipher list: {}", Arrays.toString(enabledCiphers));
} else {
/* By default, only enable the OWASP broad compatibility list of cipher suites, the order listed
* is the preferred priority of the cipher suites.
* TLS 1.3 is not supported in JDK 8, but the first three ciphers are still included for future compatibility.
*
* See: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/TLS_Cipher_String_Cheat_Sheet.md
*/
enabledCiphers = new String[] {
"TLS_AES_256_GCM_SHA384", // TLS 1.3
"TLS_CHACHA20_POLY1305_SHA256", // TLS 1.3
"TLS_AES_128_GCM_SHA256", // TLS 1.3
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
};
}
sslContextFactory.setIncludeCipherSuites(enabledCiphers);
sslContextFactory.setRenegotiationAllowed(false);
// TODO(DX-12920): sslContextFactory.setValidateCerts(true); to ensure that the server starts up with a valid
// certificate
// TODO(DX-12920): sslContextFactory.setValidatePeerCerts(!sslConfig.disableCertificateVerification());
// this ensures that jersey is aware that we are using https - without this it thinks that every connection is unsecured
final HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme("https");
httpConfig.addCustomizer(new SecureRequestCustomizer());
final ServerConnector sslConnector =
new ServerConnector(
embeddedJetty,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpConfig)
);
return Pair.of(sslConnector, trustStore);
}
Example 5
| Source File: SslContextFactoryUtils.java From vespa with Apache License 2.0 | 4 votes |
|
static void setEnabledCipherSuites(SslContextFactory factory, SSLContext sslContext, List<String> enabledCiphers) {
String[] supportedCiphers = sslContext.getSupportedSSLParameters().getCipherSuites();
factory.setIncludeCipherSuites(enabledCiphers.toArray(String[]::new));
factory.setExcludeCipherSuites(createExclusionList(enabledCiphers, supportedCiphers));
}
Example 6
| Source File: Launcher.java From EchoQuery with GNU General Public License v2.0 | 4 votes |
|
/**
* Configures and sets up a Jetty server.
* @param args
* @throws Exception
*/
public static void main(final String[] args) throws Exception {
// Configure logging to output to the console with default level of
// INFO.
BasicConfigurator.configure();
Server server = new Server();
// Configure SSL from system properties.
SslConnectionFactory sslConnectionFactory = new SslConnectionFactory();
SslContextFactory sslContextFactory =
sslConnectionFactory.getSslContextFactory();
sslContextFactory.setKeyStorePath(
System.getProperty("javax.net.ssl.keyStore"));
sslContextFactory.setKeyStorePassword(
System.getProperty("javax.net.ssl.keyStorePassword"));
sslContextFactory.setIncludeCipherSuites(Sdk.SUPPORTED_CIPHER_SUITES);
// Configure HTTPS server.
HttpConfiguration httpConf = new HttpConfiguration();
httpConf.setSecurePort(PORT);
httpConf.setSecureScheme(HTTPS_SCHEME);
httpConf.addCustomizer(new SecureRequestCustomizer());
HttpConnectionFactory httpConnectionFactory =
new HttpConnectionFactory(httpConf);
// Set up the servlets.
ServerConnector serverConnector = new ServerConnector(
server, sslConnectionFactory, httpConnectionFactory);
serverConnector.setPort(PORT);
Connector[] connectors = new Connector[1];
connectors[0] = serverConnector;
server.setConnectors(connectors);
ServletContextHandler context =
new ServletContextHandler(ServletContextHandler.SESSIONS);
context.setContextPath("/");
server.setHandler(context);
context.addServlet(new ServletHolder(
createServlet(new EchoQuerySpeechlet())), "/echoquery");
server.start();
server.join();
}
Example 7
| Source File: WebSocketCommon.java From datacollector with Apache License 2.0 | 4 votes |
|
public static WebSocketClient createWebSocketClient(String resourceUrl, TlsConfigBean tlsConf) {
try {
resourceUrl = resourceUrl.toLowerCase();
if (resourceUrl.startsWith("wss")) {
SslContextFactory sslContextFactory = new SslContextFactory();
if (tlsConf != null && tlsConf.isEnabled() && tlsConf.isInitialized()) {
if (tlsConf.getKeyStore() != null) {
sslContextFactory.setKeyStore(tlsConf.getKeyStore());
} else {
if (tlsConf.keyStoreFilePath != null) {
sslContextFactory.setKeyStorePath(tlsConf.keyStoreFilePath);
}
if (tlsConf.keyStoreType != null) {
sslContextFactory.setKeyStoreType(tlsConf.keyStoreType.getJavaValue());
}
}
if (tlsConf.keyStorePassword != null) {
sslContextFactory.setKeyStorePassword(tlsConf.keyStorePassword.get());
}
if (tlsConf.getTrustStore() != null) {
sslContextFactory.setTrustStore(tlsConf.getTrustStore());
} else {
if (tlsConf.trustStoreFilePath != null) {
sslContextFactory.setTrustStorePath(tlsConf.trustStoreFilePath);
}
if (tlsConf.trustStoreType != null) {
sslContextFactory.setTrustStoreType(tlsConf.trustStoreType.getJavaValue());
}
}
if (tlsConf.trustStorePassword != null) {
sslContextFactory.setTrustStorePassword(tlsConf.trustStorePassword.get());
}
sslContextFactory.setSslContext(tlsConf.getSslContext());
sslContextFactory.setIncludeCipherSuites(tlsConf.getFinalCipherSuites());
sslContextFactory.setIncludeProtocols(tlsConf.getFinalProtocols());
}
return new WebSocketClient(sslContextFactory);
} else {
return new WebSocketClient();
}
} catch (Exception e) {
throw new IllegalArgumentException(resourceUrl, e);
}
}
Example 8
| Source File: BrooklynWebServer.java From brooklyn-server with Apache License 2.0 | 4 votes |
|
private SslContextFactory createContextFactory() throws KeyStoreException {
SslContextFactory sslContextFactory = new SslContextFactory();
// allow webconsole keystore & related properties to be set in brooklyn.properties
String ksUrl = getKeystoreUrl();
String ksPassword = getConfig(keystorePassword, BrooklynWebConfig.KEYSTORE_PASSWORD);
String ksCertAlias = getConfig(keystoreCertAlias, BrooklynWebConfig.KEYSTORE_CERTIFICATE_ALIAS);
String trProtos = getConfig(transportProtocols, BrooklynWebConfig.TRANSPORT_PROTOCOLS);
String trCiphers = getConfig(transportCiphers, BrooklynWebConfig.TRANSPORT_CIPHERS);
if (ksUrl!=null) {
sslContextFactory.setKeyStorePath(getLocalKeyStorePath(ksUrl));
if (Strings.isEmpty(ksPassword))
throw new IllegalArgumentException("Keystore password is required and non-empty if keystore is specified.");
sslContextFactory.setKeyStorePassword(ksPassword);
if (Strings.isNonEmpty(ksCertAlias))
sslContextFactory.setCertAlias(ksCertAlias);
} else {
log.info("No keystore specified but https enabled; creating a default keystore");
if (Strings.isEmpty(ksCertAlias))
ksCertAlias = "web-console";
// if password is blank the process will block and read from stdin !
if (Strings.isEmpty(ksPassword)) {
ksPassword = Identifiers.makeRandomId(8);
log.debug("created random password "+ksPassword+" for ad hoc internal keystore");
}
KeyStore ks = SecureKeys.newKeyStore();
KeyPair key = SecureKeys.newKeyPair();
X509Certificate cert = new FluentKeySigner("brooklyn").newCertificateFor("web-console", key);
ks.setKeyEntry(ksCertAlias, key.getPrivate(), ksPassword.toCharArray(),
new Certificate[] { cert });
sslContextFactory.setKeyStore(ks);
sslContextFactory.setKeyStorePassword(ksPassword);
sslContextFactory.setCertAlias(ksCertAlias);
}
if (!Strings.isEmpty(truststorePath)) {
sslContextFactory.setTrustStorePath(checkFileExists(truststorePath, "truststore"));
sslContextFactory.setTrustStorePassword(trustStorePassword);
}
if (Strings.isNonBlank(trProtos)) {
sslContextFactory.setIncludeProtocols(parseArray(trProtos));
}
if (Strings.isNonBlank(trCiphers)) {
sslContextFactory.setIncludeCipherSuites(parseArray(trCiphers));
}
return sslContextFactory;
}
Example 9
| Source File: JettyHTTPServerEngine.java From cxf with Apache License 2.0 | 4 votes |
|
protected SSLContext createSSLContext(SslContextFactory scf) throws Exception {
String proto = tlsServerParameters.getSecureSocketProtocol() == null
? "TLS" : tlsServerParameters.getSecureSocketProtocol();
// Jetty 9 excludes SSLv3 by default. So if we want it then we need to
// remove it from the default excluded protocols
boolean allowSSLv3 = "SSLv3".equals(proto);
if (allowSSLv3 || !tlsServerParameters.getIncludeProtocols().isEmpty()) {
List<String> excludedProtocols = new ArrayList<>();
for (String excludedProtocol : scf.getExcludeProtocols()) {
if (!(tlsServerParameters.getIncludeProtocols().contains(excludedProtocol)
|| (allowSSLv3 && ("SSLv3".equals(excludedProtocol)
|| "SSLv2Hello".equals(excludedProtocol))))) {
excludedProtocols.add(excludedProtocol);
}
}
String[] revisedProtocols = new String[excludedProtocols.size()];
excludedProtocols.toArray(revisedProtocols);
scf.setExcludeProtocols(revisedProtocols);
}
for (String p : tlsServerParameters.getExcludeProtocols()) {
scf.addExcludeProtocols(p);
}
SSLContext context = tlsServerParameters.getJsseProvider() == null
? SSLContext.getInstance(detectProto(proto, allowSSLv3))
: SSLContext.getInstance(detectProto(proto, allowSSLv3), tlsServerParameters.getJsseProvider());
KeyManager[] keyManagers = tlsServerParameters.getKeyManagers();
KeyManager[] configuredKeyManagers = org.apache.cxf.transport.https.SSLUtils.configureKeyManagersWithCertAlias(
tlsServerParameters, keyManagers);
context.init(configuredKeyManagers,
tlsServerParameters.getTrustManagers(),
tlsServerParameters.getSecureRandom());
// Set the CipherSuites
final String[] supportedCipherSuites =
SSLUtils.getServerSupportedCipherSuites(context);
if (tlsServerParameters.getCipherSuitesFilter() != null
&& tlsServerParameters.getCipherSuitesFilter().isSetExclude()) {
String[] excludedCipherSuites =
SSLUtils.getFilteredCiphersuites(tlsServerParameters.getCipherSuitesFilter(),
supportedCipherSuites,
LOG,
true);
scf.setExcludeCipherSuites(excludedCipherSuites);
}
String[] includedCipherSuites =
SSLUtils.getCiphersuitesToInclude(tlsServerParameters.getCipherSuites(),
tlsServerParameters.getCipherSuitesFilter(),
context.getServerSocketFactory().getDefaultCipherSuites(),
supportedCipherSuites,
LOG);
scf.setIncludeCipherSuites(includedCipherSuites);
return context;
}
Example 10
| Source File: ApplicationServer.java From rest-utils with Apache License 2.0 | 4 votes |
|
private SslContextFactory createSslContextFactory(RestConfig config) {
SslContextFactory sslContextFactory = new SslContextFactory.Server();
if (!config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) {
sslContextFactory.setKeyStorePath(
config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG)
);
sslContextFactory.setKeyStorePassword(
config.getPassword(RestConfig.SSL_KEYSTORE_PASSWORD_CONFIG).value()
);
sslContextFactory.setKeyManagerPassword(
config.getPassword(RestConfig.SSL_KEY_PASSWORD_CONFIG).value()
);
sslContextFactory.setKeyStoreType(
config.getString(RestConfig.SSL_KEYSTORE_TYPE_CONFIG)
);
if (!config.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG).isEmpty()) {
sslContextFactory.setKeyManagerFactoryAlgorithm(
config.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG));
}
if (config.getBoolean(RestConfig.SSL_KEYSTORE_RELOAD_CONFIG)) {
Path watchLocation = getWatchLocation(config);
try {
FileWatcher.onFileChange(watchLocation, () -> {
// Need to reset the key store path for symbolic link case
sslContextFactory.setKeyStorePath(
config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG)
);
sslContextFactory.reload(scf -> log.info("Reloaded SSL cert"));
}
);
log.info("Enabled SSL cert auto reload for: " + watchLocation);
} catch (java.io.IOException e) {
log.error("Can not enabled SSL cert auto reload", e);
}
}
}
configureClientAuth(sslContextFactory, config);
List<String> enabledProtocols = config.getList(RestConfig.SSL_ENABLED_PROTOCOLS_CONFIG);
if (!enabledProtocols.isEmpty()) {
sslContextFactory.setIncludeProtocols(enabledProtocols.toArray(new String[0]));
}
List<String> cipherSuites = config.getList(RestConfig.SSL_CIPHER_SUITES_CONFIG);
if (!cipherSuites.isEmpty()) {
sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0]));
}
sslContextFactory.setEndpointIdentificationAlgorithm(
config.getString(RestConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG));
if (!config.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG).isEmpty()) {
sslContextFactory.setTrustStorePath(
config.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG)
);
sslContextFactory.setTrustStorePassword(
config.getPassword(RestConfig.SSL_TRUSTSTORE_PASSWORD_CONFIG).value()
);
sslContextFactory.setTrustStoreType(
config.getString(RestConfig.SSL_TRUSTSTORE_TYPE_CONFIG)
);
if (!config.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG).isEmpty()) {
sslContextFactory.setTrustManagerFactoryAlgorithm(
config.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG)
);
}
}
sslContextFactory.setProtocol(config.getString(RestConfig.SSL_PROTOCOL_CONFIG));
if (!config.getString(RestConfig.SSL_PROVIDER_CONFIG).isEmpty()) {
sslContextFactory.setProtocol(config.getString(RestConfig.SSL_PROVIDER_CONFIG));
}
sslContextFactory.setRenegotiationAllowed(false);
return sslContextFactory;
}
