List of usage examples for io.vertx.core.net JdkSSLEngineOptions JdkSSLEngineOptions
public JdkSSLEngineOptions()
From source file:examples.NetExamples.java
License:Open Source License
public void exampleSSLEngine(Vertx vertx, JksOptions keyStoreOptions) { // Use JDK SSL engine NetServerOptions options = new NetServerOptions().setSsl(true).setKeyStoreOptions(keyStoreOptions); // Use JDK SSL engine explicitly options = new NetServerOptions().setSsl(true).setKeyStoreOptions(keyStoreOptions) .setJdkSslEngineOptions(new JdkSSLEngineOptions()); // Use OpenSSL engine options = new NetServerOptions().setSsl(true).setKeyStoreOptions(keyStoreOptions) .setOpenSslEngineOptions(new OpenSSLEngineOptions()); }
From source file:io.nitor.api.backend.tls.SetupHttpServerOptions.java
License:Apache License
public static HttpServerOptions createHttpServerOptions(JsonObject config) { JsonObject tls = config.getJsonObject("tls"); HttpServerOptions httpOptions = new HttpServerOptions() // basic TCP/HTTP options .setReuseAddress(true).setCompressionSupported(false) // otherwise it automatically compresses based on response headers even if pre-compressed with e.g. proxy .setUsePooledBuffers(true).setCompressionLevel(2) .setIdleTimeout(config.getInteger("idleTimeout", (int) MINUTES.toSeconds(10))); if (!config.getBoolean("http2", true)) { httpOptions.setAlpnVersions(asList(HTTP_1_1)); }/* w w w.ja v a 2 s.co m*/ if (tls != null) { httpOptions.setSsl(true) // server side certificate .setPemKeyCertOptions(new PemKeyCertOptions().setKeyPath(tls.getString("serverKey")) .setCertPath(tls.getString("serverCert"))) // TLS tuning .addEnabledSecureTransportProtocol("TLSv1.2").addEnabledSecureTransportProtocol("TLSv1.3"); JsonObject clientAuth = config.getJsonObject("clientAuth"); if (httpOptions.isSsl() && clientAuth != null && clientAuth.getString("clientChain") != null) { // client side certificate httpOptions.setClientAuth(REQUEST) .setTrustOptions(new PemTrustOptions().addCertPath(clientAuth.getString("clientChain"))); } if (TRUE.equals(config.getBoolean("useNativeOpenSsl"))) { httpOptions.setUseAlpn(true).setSslEngineOptions(new OpenSSLEngineOptions()); cipherSuites.stream().map(SetupHttpServerOptions::javaCipherNameToOpenSSLName) .forEach(httpOptions::addEnabledCipherSuite); } else { httpOptions.setUseAlpn(DynamicAgent.enableJettyAlpn()) .setJdkSslEngineOptions(new JdkSSLEngineOptions()); cipherSuites.forEach(httpOptions::addEnabledCipherSuite); } } return httpOptions; }
From source file:space.xkr47.vertx.acme4j.util.SetupHttpServerOptions.java
License:Apache License
public static HttpServerOptions createHttpServerOptions(DynamicCertOptions dynamicCertOptions, boolean jettyAgentAlreadyLoaded) { HttpServerOptions httpOptions = new HttpServerOptions() // basic TCP/HTTP options .setReuseAddress(true).setCompressionSupported(false) // otherwise it automatically compresses based on response headers even if pre-compressed with e.g. proxy .setUsePooledBuffers(true).setSsl(true).setKeyCertOptions(dynamicCertOptions) // TLS tuning .addEnabledSecureTransportProtocol("TLSv1.2").addEnabledSecureTransportProtocol("TLSv1.3"); // enable HTTP/2 support if we can.. if (USE_OPENSSL) { // TODO this has not really been tested with SNI yet httpOptions.setUseAlpn(true).setSslEngineOptions(new OpenSSLEngineOptions()); cipherSuites.stream().map(SetupHttpServerOptions::javaCipherNameToOpenSSLName) .forEach(httpOptions::addEnabledCipherSuite); } else {//from w w w .j a va2 s . c o m httpOptions.setUseAlpn(jettyAgentAlreadyLoaded || DynamicAgent.enableJettyAlpn()) .setJdkSslEngineOptions(new JdkSSLEngineOptions()); cipherSuites.forEach(httpOptions::addEnabledCipherSuite); } return httpOptions; }