ssl

Can be used in:

Syntax

<ssl
  [algorithm="..."]
  [protocol="..."]
  [ciphers="..."]
  [clientAuth="..."]>
  <keystore
	location="..." [password="..."]
	[type="..."] [provider="..."]
	[keyPassword="..."] [keyAlias="..."] >?
  <truststore
	location="..." [password="..."]
	[type="..."] [provider="..."]
	[algorithm="..."] >?
</ssl>

Sample

Inbound Sample

This example is taken from examples/ssl-server. It demonstrates how to configure inbound SSL.

<serviceProxy port="443">
  <ssl>
	<keystore
	  location="../../conf/membrane.jks"
	  password="secret" keyPassword="secret" />
	<truststore
	  location="../../conf/membrane.jks" password="secret" />
  </ssl>
  <wsdlRewriter protocol="https" />
  <target host="thomas-bayer.com" />
</serviceProxy>

Outbound Sample

This example is taken from examples/ssl-client. It demonstrates how to configure outbound SSL.

<serviceProxy port="8080">
  <path>/svn</path>
  <target host="predic8.com" port="443">
	<ssl />
  </target>
</serviceProxy>

Attributes

Name	Required	Default	Description	Example
useExperimentalHttp2	false	false	whether to enable receiving HTTP/2 requests. (experimental)	-
protocol	false	TLS	SSLContext.getInstance()	-
showSSLExceptions	false	true	Tells Membrane to show SSL exceptions in its log	-
useAsDefault	false	true	whether to use the SSLContext built from this SSLParser when no SNI header was transmitted.	-
endpointIdentificationAlgorithm	false	HTTPS	See setEndpointIdentificationAlgorithm().	-
ciphers	false	all system default ciphers	Space separated list of ciphers to allow. getSupportedCipherSuites()	TLS_ECDH_anon_WITH_RC4_128_SHA
serverName	false	same as target hostname.	Setting the serverName tells Java to use the SNI (...) on outbound TLS connections to indicate to the TLS server, which hostname the client wants to connect to.	-
protocols	false	TLS*	SSLSocket.setEnabledProtocols()	-
clientAuth	false	not set	Either not set (=no), or want or need.	`need`
ignoreTimestampCheckFailure	false	-	-	-
algorithm	false	java default	getDefaultAlgorithm()	SunX509

Name

Required

Default

Description

Example

useExperimentalHttp2

false

whether to enable receiving HTTP/2 requests. (experimental)

protocol

false

TLS

SSLContext.getInstance()

showSSLExceptions

false

true

Tells Membrane to show SSL exceptions in its log

useAsDefault

false

true

whether to use the SSLContext built from this SSLParser when no SNI header was transmitted.

endpointIdentificationAlgorithm

false

HTTPS

See setEndpointIdentificationAlgorithm().

ciphers

false

all system default ciphers

Space separated list of ciphers to allow. getSupportedCipherSuites()

TLS_ECDH_anon_WITH_RC4_128_SHA

serverName

false

same as target hostname.

Setting the serverName tells Java to use the SNI (...) on outbound TLS connections to indicate to the TLS server, which hostname the client wants to connect to.

protocols

false

TLS*

SSLSocket.setEnabledProtocols()

clientAuth

false

not set

Either not set (=no), or want or need.

need

ignoreTimestampCheckFailure

false

algorithm

false

java default

getDefaultAlgorithm()

SunX509

Elements	Description	Cardinality
key	Used to manually compose the keystore.	0..1
keyGenerator	Used to dynamically generate a key for the incoming connection on the fly.	0..1
trust	Used to manually compose the truststore.	0..1

Elements

Description

Cardinality

key

Used to manually compose the keystore.

0..1

keyGenerator

Used to dynamically generate a key for the incoming connection on the fly.

0..1

trust

Used to manually compose the truststore.

0..1

Can be used in:

Syntax

Sample

Inbound Sample

Outbound Sample

Attributes

Child Elements

Other optional Child Elements

More information