...

Listener settings
{
  "listen": [
    {
      "address": "0.0.0.0",
      "scheme": "http",
      "port": 8000,
      "useproxyprotocol": true,
      "useforwardedheader": false
    },
    {
      "address": "0.0.0.0",
      "scheme": "ajp",
      "port": 8001
    },
    {
      "scheme": "https",
      "address": "0.0.0.0",
      "port": 8443,
      "sslcontext": {
        "ssl.provider": "SunJSSE",
        "ssl.protocol": "TLS",
        "wantclientauth": true,
        "needclientauth": false,
        "allowrenegotiate": false,
        "sni.requirematch": false,
        "excludeprotocols": "SSL,SSLv2,SSLv2Hello,SSLv3",
        "includeprotocols": "TLSv1.2,TLSv1.1",
        "excludeciphersuites": ".*NULL.*,.*RC4.*,.*MD5.*,.*DSS.*",
        "includeciphersuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA",
        "keystore.type": "JKS",
        "keystore.provider": "SUN",
        "keystore.file": "${portalprotect.home}/dispatcher/portalprotect.key",
        "keystore.password": "changeit",
        "useciphersuites.order": true,
        "truststore.type": "PKCS12",
        "truststore.provider": "BC",
        "truststore.file": "${portalprotect.home}/config/x509/issuer/certissuer.pfx",
        "truststore.password": "password"
      }
    }
  ]
}

...

Once created, each listener has the following properties, which you can edit. Note that the SSL options are used only if the protocol is set to https.


[Image: Listener settings]

...

Default: none
JSON key: includeprotocols 

Require SNI hostname to match available certificates

If set, the SNI hostname in an incoming request must match one of the available certificates; no default certificate is used as a fallback.

Warning

The client will get an SSL error if it does not send an SNI server name for which this server has a matching certificate.

In the default case, the first available certificate is used if no exact match for the client's SNI request can be found.

Default: false
JSON key: sni.requirematch 

Use ciphersuites order

If set, the server uses the configured cipher suite order and prefers the first suite specified in the list.
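
The effect of this setting on suite selection, as an added example (not code from the product or its documentation): it filters includeciphersuites by the excludeciphersuites patterns and picks a suite for a constructed client offer. It assumes exclude patterns are full-match regular expressions that override includes, and that the client's order decides when the option is unset.

```python
import json
import re

# Constructed excerpt of the https listener "sslcontext" shown above; the
# truncated "TLS_ECDHE_RSA_" entry is left out of this sample.
SSLCONTEXT = json.loads("""
{
  "excludeciphersuites": ".*NULL.*,.*RC4.*,.*MD5.*,.*DSS.*",
  "includeciphersuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA",
  "useciphersuites.order": true
}
""")


def effective_suites(ctx):
    """Included suites in configured order, minus any matching an exclude regex
    (assumption: exclude patterns are full-match regexes and win over includes)."""
    excludes = [re.compile(p) for p in ctx.get("excludeciphersuites", "").split(",") if p]
    included = [s.strip() for s in ctx.get("includeciphersuites", "").split(",") if s.strip()]
    return [s for s in included if not any(p.fullmatch(s) for p in excludes)]


def negotiate(ctx, client_offer):
    """Return the suite a handshake would settle on, or None if none is shared.

    With useciphersuites.order set, the server walks its own list and takes the
    first suite the client offers. Assumption: when unset, the client's order decides.
    """
    server = effective_suites(ctx)
    if ctx.get("useciphersuites.order", False):
        ordered, other = server, set(client_offer)
    else:
        ordered, other = client_offer, set(server)
    return next((s for s in ordered if s in other), None)


# Constructed client offer that lists the 3DES suite first.
CLIENT_OFFER = [
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]

if __name__ == "__main__":
    for flag in (True, False):
        ctx = {**SSLCONTEXT, "useciphersuites.order": flag}
        print(f"useciphersuites.order={flag}: {negotiate(ctx, CLIENT_OFFER)}")
```

With the option set, the constructed client ends up on the first suite in the server's list; with it unset, the same client's first choice (the 3DES suite) is selected because it is still in the include list.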

...