New and improved SSL/TLS configuration

@jmacauley jmacauley released this 25 Dec 19:27
· 26 commits to master since this release
eecef0e

This release contains:

  • Restructured initialization and handling of the SSL/TLS context within the server.

Note that the dds.xml configuration schema has changed. The <secure/> element specifying the key and trust stores is no longer a child of <server/> and <client/>; it is now a standalone element specifying the single configuration for the SSLContext.

For example:

    <server address="example.net" port="8401" packageName="net.es.nsi.dds" secure="true">
        <static>
            <path>src/test/resources/config/www</path>
            <relative>/www</relative>
        </static>
    </server>

    <client maxConnPerRoute="10" maxConnTotal="60" secure="true" />
    
    <!-- Set production="true" if host and certificate validation should be enforced. --> 
    <secure production="true">
        <keyStore type="JKS">
            <file>config/keystore.jks</file>
            <password>changeit</password>
        </keyStore>
        <trustStore type="JKS">
            <file>config/truststore.jks</file>
            <password>changeit</password>
        </trustStore>
    </secure>

The secure="true" attribute on each of <server/> and <client/> now identifies whether that element should use https.
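A pre-upgrade check for the schema change described above, as an added example that is not part of the project's code. The `<dds>` root element, the finding codes, and both sample documents are assumptions constructed for illustration; element names are matched by local name, so a namespaced dds.xml is handled too.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop an XML namespace prefix: '{urn:x}server' -> 'server'."""
    return tag.rsplit("}", 1)[-1]

def check_dds_config(xml_text):
    """Return (code, message) findings for a dds.xml document held in a string."""
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings, standalone = [], []
    for elem in root.iter():
        name = local(elem.tag)
        if name == "secure":
            parent = parent_of.get(elem)
            pname = local(parent.tag) if parent is not None else ""
            if pname in ("server", "client"):   # pre-release layout
                findings.append(("legacy-nesting", f"<secure/> is still a child of <{pname}/>"))
            else:
                standalone.append(elem)
        elif name == "password" and (elem.text or "").strip() == "changeit":
            findings.append(("sample-password", "store password is the sample value 'changeit'"))
    if len(standalone) > 1:                     # the release notes describe a single configuration
        findings.append(("duplicate-secure", "more than one standalone <secure/> element"))
    wants_https = [local(e.tag) for e in root.iter()
                   if local(e.tag) in ("server", "client") and e.get("secure") == "true"]
    if wants_https and not standalone:
        findings.append(("missing-secure", f"{wants_https} request https but no standalone <secure/> exists"))
    for elem in standalone:
        if elem.get("production") != "true":
            findings.append(("validation-off", "production is not 'true': host and certificate validation not enforced"))
    return findings

# Constructed sample: <secure/> still nested under <server/>.
HALF_MIGRATED = """<dds>
  <server address="example.net" port="8401" secure="true">
    <secure><keyStore type="JKS"><file>config/keystore.jks</file><password>changeit</password></keyStore></secure>
  </server>
</dds>"""

# Constructed sample: new layout, but production is not enabled.
MIGRATED = """<dds>
  <client maxConnPerRoute="10" maxConnTotal="60" secure="true" />
  <secure production="false">
    <trustStore type="JKS"><file>config/truststore.jks</file><password>constructed-secret</password></trustStore>
  </secure>
</dds>"""

if __name__ == "__main__":
    for label, doc in (("half-migrated", HALF_MIGRATED), ("migrated", MIGRATED)):
        print(label, check_dds_config(doc))
```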