@Override public Handler<ClientOptionsBase> parse( final JsonObject options) { return Fn.get(() -> { final PemTrustOptions pem = Fn.getSemi( !options.containsKey(PATH_CERT), LOGGER, Trust.CLIENT_PEM, () -> new PemTrustOptions().addCertPath(PATH_CERT) ); return option -> option .setSsl(true) .setUseAlpn(true) .setPemTrustOptions(pem) .setOpenSslEngineOptions(new OpenSSLEngineOptions()); }, options); }
@Override public Handler<TCPSSLOptions> parse(final JsonObject options) { return Fn.get(() -> { final PemKeyCertOptions pem = Fn.getSemi( null == options || !options.containsKey(PATH_KEY) || !options.containsKey(PATH_CERT), LOGGER, Cert.SERVER_PEM, () -> new PemKeyCertOptions().setKeyPath(PATH_KEY).setCertPath(PATH_CERT) ); return option -> option .setSsl(true) .setUseAlpn(true) .setPemKeyCertOptions(pem) .setOpenSslEngineOptions(new OpenSSLEngineOptions()); }, options); }
public static HttpServerOptions createHttpServerOptions(DynamicCertOptions dynamicCertOptions, boolean jettyAgentAlreadyLoaded) { HttpServerOptions httpOptions = new HttpServerOptions() // basic TCP/HTTP options .setReuseAddress(true) .setCompressionSupported(false) // otherwise it automatically compresses based on response headers even if pre-compressed with e.g. proxy .setUsePooledBuffers(true) .setSsl(true) .setKeyCertOptions(dynamicCertOptions) // TLS tuning .addEnabledSecureTransportProtocol("TLSv1.2") .addEnabledSecureTransportProtocol("TLSv1.3"); // enable HTTP/2 support if we can.. if (USE_OPENSSL) { // TODO this has not really been tested with SNI yet httpOptions .setUseAlpn(true) .setSslEngineOptions(new OpenSSLEngineOptions()); cipherSuites.stream().map(SetupHttpServerOptions::javaCipherNameToOpenSSLName) .forEach(httpOptions::addEnabledCipherSuite); } else { httpOptions .setUseAlpn(jettyAgentAlreadyLoaded || DynamicAgent.enableJettyAlpn()) .setJdkSslEngineOptions(new JdkSSLEngineOptions()); cipherSuites.forEach(httpOptions::addEnabledCipherSuite); } return httpOptions; }
@Override public PgConnectOptions setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions) { return (PgConnectOptions)super.setOpenSslEngineOptions(sslEngineOptions); }
@Override public AmqpBridgeOptions setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions) { super.setOpenSslEngineOptions(sslEngineOptions); return this; }
@Override public ProtonServerOptions setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions) { super.setOpenSslEngineOptions(sslEngineOptions); return this; }
@Override public ProtonClientOptions setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions) { super.setOpenSslEngineOptions(sslEngineOptions); return this; }
@Override public WebClientOptions setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions) { return (WebClientOptions) super.setOpenSslEngineOptions(sslEngineOptions); }