Package com.github.ambry.config

Class SSLConfig

java.lang.Object

com.github.ambry.config.SSLConfig

public class SSLConfig
extends java.lang.Object

The configs for SSL

Field Summary

Fields

Modifier and Type	Field	Description
java.lang.String	sslCipherSuites	The SSL supported cipher suites, a comma separated list of values
java.lang.String	sslClientAuthentication	The SSL client authentication config
java.lang.String	sslContextProtocol	The SSL protocol for SSLContext
java.lang.String	sslContextProvider	The SSL provider for SSLContext
java.lang.String	sslEnabledProtocols	The enabled protocols for SSLEngine, a comma separated list of values
java.lang.String	sslEndpointIdentificationAlgorithm	The SSL endpoint identification algorithm
java.lang.String	sslFactory	The implementation of SSLFactory to use.
java.lang.String	sslHttp2Factory	The implementation of SSLFactory to use.
boolean	sslHttp2SelfSign	Use self signed HTTP2 SSL certification if set to true.
java.lang.String	sslKeymanagerAlgorithm	The SSL keymanager algorithm.
java.lang.String	sslKeyPassword	The SSL key password The key store protects each private key with its individual password
java.lang.String	sslKeystorePassword	The SSL key store password There could be multiple keys in one key store This password is to protect the integrity of the entire key store
java.lang.String	sslKeystorePath	The SSL key store path
java.lang.String	sslKeystoreType	The SSL key store type
java.lang.String	sslSecureRandomAlgorithm	The SecureRandom PRNG algorithm to use for SSL cryptography operations.
java.lang.String	sslTrustmanagerAlgorithm	The SSL trustmanager algorithm This is only honored by JdkSslFactory.
java.lang.String	sslTruststorePassword	The SSL trust store password
java.lang.String	sslTruststorePath	The SSL trust store path
java.lang.String	sslTruststoreType	The SSL trust store type

Constructor Summary

Constructors

Constructor	Description
SSLConfig(VerifiableProperties verifiableProperties)

Method Summary

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

sslContextProtocol

@Config("ssl.context.protocol")
@Default("TLS")
public final java.lang.String sslContextProtocol

The SSL protocol for SSLContext

sslContextProvider

@Config("ssl.context.provider")
@Default("")
public final java.lang.String sslContextProvider

The SSL provider for SSLContext

sslEnabledProtocols

@Config("ssl.enabled.protocols")
@Default("TLSv1.2")
public final java.lang.String sslEnabledProtocols

The enabled protocols for SSLEngine, a comma separated list of values

sslEndpointIdentificationAlgorithm

@Config("ssl.endpoint.identification.algorithm")
@Default("")
public final java.lang.String sslEndpointIdentificationAlgorithm

The SSL endpoint identification algorithm

sslSecureRandomAlgorithm

@Config("ssl.secure.random.algorithm")
@Default("")
public final java.lang.String sslSecureRandomAlgorithm

The SecureRandom PRNG algorithm to use for SSL cryptography operations. This is only honored by JdkSslFactory. NettySslFactory uses a native SSL impl and does not rely on SecureRandom.

sslClientAuthentication

@Config("ssl.client.authentication")
@Default("required")
public final java.lang.String sslClientAuthentication

The SSL client authentication config

sslKeymanagerAlgorithm

@Config("ssl.keymanager.algorithm")
@Default("")
public final java.lang.String sslKeymanagerAlgorithm

The SSL keymanager algorithm. This is only honored by JdkSslFactory. NettySslFactory always uses the default value to maintain compatibility with the OpenSSL-based engine.

sslTrustmanagerAlgorithm

@Config("ssl.trustmanager.algorithm")
@Default("")
public final java.lang.String sslTrustmanagerAlgorithm

The SSL trustmanager algorithm This is only honored by JdkSslFactory. NettySslFactory always uses the default value to maintain compatibility with the OpenSSL-based engine.

sslKeystoreType

@Config("ssl.keystore.type")
@Default("JKS")
public final java.lang.String sslKeystoreType

The SSL key store type

sslKeystorePath

@Config("ssl.keystore.path")
@Default("")
public final java.lang.String sslKeystorePath

The SSL key store path

sslKeystorePassword

@Config("ssl.keystore.password")
@Default("")
public final java.lang.String sslKeystorePassword

The SSL key store password There could be multiple keys in one key store This password is to protect the integrity of the entire key store

sslKeyPassword

@Config("ssl.key.password")
@Default("")
public final java.lang.String sslKeyPassword

The SSL key password The key store protects each private key with its individual password

sslTruststoreType

@Config("ssl.truststore.type")
@Default("JKS")
public final java.lang.String sslTruststoreType

The SSL trust store type

sslTruststorePath

@Config("ssl.truststore.path")
@Default("")
public final java.lang.String sslTruststorePath

The SSL trust store path

sslTruststorePassword

@Config("ssl.truststore.password")
@Default("")
public final java.lang.String sslTruststorePassword

The SSL trust store password

sslCipherSuites

@Config("ssl.cipher.suites")
@Default("")
public final java.lang.String sslCipherSuites

The SSL supported cipher suites, a comma separated list of values

sslFactory

@Config("ssl.factory")
@Default("com.github.ambry.commons.JdkSslFactory")
public final java.lang.String sslFactory

The implementation of SSLFactory to use.

sslHttp2Factory

@Config("ssl.http2.factory")
@Default("com.github.ambry.rest.NettySslHttp2Factory")
public final java.lang.String sslHttp2Factory

The implementation of SSLFactory to use.

sslHttp2SelfSign

@Config("ssl.http2.self.sign")
@Default("true")
public final boolean sslHttp2SelfSign

Use self signed HTTP2 SSL certification if set to true. Note: Production systems should set this to false as it is relatively insecure.

Constructor Detail

SSLConfig

public SSLConfig(VerifiableProperties verifiableProperties)