core-jgi/org.adempiere.server-feature/jettyhome/etc/jetty-ssl-context-template.xml

352 lines
18 KiB
XML
Raw Normal View History

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">
Idempiere-4492 update library (eclipse-4.17, jasper 6-15, jetty-9.4.33, atmosphere-2.6.4) (#331) * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15 * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration) update to default jetty configuration delete unused configuration (alpn, http2,..) * IDEMPIERE-4492 update orbit eclipse repository to 4.17 * IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom) * IDEMPIERE-4492 update jasper to 6.15.0 * IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504) get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version) but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1 * IDEMPIERE-4492 update atmosphere to 2.6.4 * IDEMPIERE-4492 refine target platform use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl + don't need to care update bundle version when update repository + at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional so it make target content has more plugins than what we use on project next step will convert include feature to include plugins to define only what we used * IDEMPIERE-4492 refine target platform (continue) don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform remove some unused feature from idempiere product * IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
2020-10-31 05:53:36 +07:00
<!-- ============================================================= -->
<!-- SSL ContextFactory configuration -->
<!-- ============================================================= -->
Idempiere-4492 update library (eclipse-4.17, jasper 6-15, jetty-9.4.33, atmosphere-2.6.4) (#331) * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15 * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration) update to default jetty configuration delete unused configuration (alpn, http2,..) * IDEMPIERE-4492 update orbit eclipse repository to 4.17 * IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom) * IDEMPIERE-4492 update jasper to 6.15.0 * IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504) get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version) but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1 * IDEMPIERE-4492 update atmosphere to 2.6.4 * IDEMPIERE-4492 refine target platform use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl + don't need to care update bundle version when update repository + at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional so it make target content has more plugins than what we use on project next step will convert include feature to include plugins to define only what we used * IDEMPIERE-4492 refine target platform (continue) don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform remove some unused feature from idempiere product * IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
2020-10-31 05:53:36 +07:00
<!--
To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
-->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
Idempiere-4492 update library (eclipse-4.17, jasper 6-15, jetty-9.4.33, atmosphere-2.6.4) (#331) * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15 * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration) update to default jetty configuration delete unused configuration (alpn, http2,..) * IDEMPIERE-4492 update orbit eclipse repository to 4.17 * IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom) * IDEMPIERE-4492 update jasper to 6.15.0 * IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504) get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version) but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1 * IDEMPIERE-4492 update atmosphere to 2.6.4 * IDEMPIERE-4492 refine target platform use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl + don't need to care update bundle version when update repository + at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional so it make target content has more plugins than what we use on project next step will convert include feature to include plugins to define only what we used * IDEMPIERE-4492 refine target platform (continue) don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform remove some unused feature from idempiere product * IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
2020-10-31 05:53:36 +07:00
<Set name="Provider"><Property name="jetty.sslContext.provider"/></Set>
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="@ADEMPIERE_KEYSTOREPASS@"/></Set>
<Set name="KeyStoreType"><Property name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
<Set name="KeyStoreProvider"><Property name="jetty.sslContext.keyStoreProvider"/></Set>
<Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" deprecated="jetty.keymanager.password" default="@ADEMPIERE_KEYSTOREPASS@"/></Set>
<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" deprecated="jetty.truststore" default="etc/keystore"/></Set>
<Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" deprecated="jetty.truststore.password"/></Set>
<Set name="TrustStoreType"><Property name="jetty.sslContext.trustStoreType"/></Set>
<Set name="TrustStoreProvider"><Property name="jetty.sslContext.trustStoreProvider"/></Set>
Idempiere-4492 update library (eclipse-4.17, jasper 6-15, jetty-9.4.33, atmosphere-2.6.4) (#331) * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15 * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration) update to default jetty configuration delete unused configuration (alpn, http2,..) * IDEMPIERE-4492 update orbit eclipse repository to 4.17 * IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom) * IDEMPIERE-4492 update jasper to 6.15.0 * IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504) get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version) but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1 * IDEMPIERE-4492 update atmosphere to 2.6.4 * IDEMPIERE-4492 refine target platform use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl + don't need to care update bundle version when update repository + at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional so it make target content has more plugins than what we use on project next step will convert include feature to include plugins to define only what we used * IDEMPIERE-4492 refine target platform (continue) don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform remove some unused feature from idempiere product * IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
2020-10-31 05:53:36 +07:00
<Set name="EndpointIdentificationAlgorithm"><Property name="jetty.sslContext.endpointIdentificationAlgorithm"/></Set>
<Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
Idempiere-4492 update library (eclipse-4.17, jasper 6-15, jetty-9.4.33, atmosphere-2.6.4) (#331) * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15 * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration) update to default jetty configuration delete unused configuration (alpn, http2,..) * IDEMPIERE-4492 update orbit eclipse repository to 4.17 * IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom) * IDEMPIERE-4492 update jasper to 6.15.0 * IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504) get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version) but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1 * IDEMPIERE-4492 update atmosphere to 2.6.4 * IDEMPIERE-4492 refine target platform use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl + don't need to care update bundle version when update repository + at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional so it make target content has more plugins than what we use on project next step will convert include feature to include plugins to define only what we used * IDEMPIERE-4492 refine target platform (continue) don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform remove some unused feature from idempiere product * IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
2020-10-31 05:53:36 +07:00
<Set name="useCipherSuitesOrder"><Property name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
<Set name="sslSessionCacheSize"><Property name="jetty.sslContext.sslSessionCacheSize" default="-1"/></Set>
<Set name="sslSessionTimeout"><Property name="jetty.sslContext.sslSessionTimeout" default="-1"/></Set>
<Set name="RenegotiationAllowed"><Property name="jetty.sslContext.renegotiationAllowed" default="true"/></Set>
<Set name="RenegotiationLimit"><Property name="jetty.sslContext.renegotiationLimit" default="5"/></Set>
<Set name="SniRequired"><Property name="jetty.sslContext.sniRequired" default="false"/></Set>
<Set name="renegotiationAllowed">FALSE</Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
Idempiere-4492 update library (eclipse-4.17, jasper 6-15, jetty-9.4.33, atmosphere-2.6.4) (#331) * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15 * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration) update to default jetty configuration delete unused configuration (alpn, http2,..) * IDEMPIERE-4492 update orbit eclipse repository to 4.17 * IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom) * IDEMPIERE-4492 update jasper to 6.15.0 * IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504) get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version) but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1 * IDEMPIERE-4492 update atmosphere to 2.6.4 * IDEMPIERE-4492 refine target platform use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl + don't need to care update bundle version when update repository + at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional so it make target content has more plugins than what we use on project next step will convert include feature to include plugins to define only what we used * IDEMPIERE-4492 refine target platform (continue) don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform remove some unused feature from idempiere product * IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
2020-10-31 05:53:36 +07:00
<Item>.*NULL.*</Item>
<Item>.*RC4.*</Item>
<Item>.*MD5.*</Item>
<Item>.*DES.*</Item>
<Item>.*DSS.*</Item>
<Item>.*_RSA_.*SHA1$</Item>
<Item>.*_RSA_.*SHA$</Item>
<Item>.*_RSA_.*MD5$</Item>
<Item>TLS_NULL_WITH_NULL_NULL</Item>
<Item>TLS_RSA_WITH_NULL_MD5</Item>
<Item>TLS_RSA_WITH_NULL_SHA</Item>
<Item>TLS_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>TLS_RSA_WITH_RC4_128_MD5</Item>
<Item>TLS_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5</Item>
<Item>TLS_RSA_WITH_IDEA_CBC_SHA</Item>
<Item>TLS_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>TLS_RSA_WITH_DES_CBC_SHA</Item>
<Item>TLS_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>TLS_DH_DSS_WITH_DES_CBC_SHA</Item>
<Item>TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>TLS_DH_RSA_WITH_DES_CBC_SHA</Item>
<Item>TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DH_anon_EXPORT_WITH_RC4_40_MD5</Item>
<Item>TLS_DH_anon_WITH_RC4_128_MD5</Item>
<Item>TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_DES_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_KRB5_WITH_DES_CBC_SHA</Item>
<Item>TLS_KRB5_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_KRB5_WITH_RC4_128_SHA</Item>
<Item>TLS_KRB5_WITH_IDEA_CBC_SHA</Item>
<Item>TLS_KRB5_WITH_DES_CBC_MD5</Item>
<Item>TLS_KRB5_WITH_3DES_EDE_CBC_MD5</Item>
<Item>TLS_KRB5_WITH_RC4_128_MD5</Item>
<Item>TLS_KRB5_WITH_IDEA_CBC_MD5</Item>
<Item>TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC4_40_SHA</Item>
<Item>TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC4_40_MD5</Item>
<Item>TLS_PSK_WITH_NULL_SHA</Item>
<Item>TLS_DHE_PSK_WITH_NULL_SHA</Item>
<Item>TLS_RSA_PSK_WITH_NULL_SHA</Item>
<Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DH_DSS_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DH_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DH_DSS_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DH_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_RSA_WITH_NULL_SHA256</Item>
<Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_RSA_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DH_DSS_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DH_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_RSA_WITH_CAMELLIA_128_CBC_SHA</Item>
<Item>TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA</Item>
<Item>TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DH_DSS_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DH_RSA_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DH_anon_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DH_anon_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_RSA_WITH_CAMELLIA_256_CBC_SHA</Item>
<Item>TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA</Item>
<Item>TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA</Item>
<Item>TLS_PSK_WITH_RC4_128_SHA</Item>
<Item>TLS_PSK_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_PSK_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_PSK_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_PSK_WITH_RC4_128_SHA</Item>
<Item>TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DHE_PSK_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_PSK_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_RSA_PSK_WITH_RC4_128_SHA</Item>
<Item>TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_RSA_PSK_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_RSA_PSK_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_RSA_WITH_SEED_CBC_SHA</Item>
<Item>TLS_DH_DSS_WITH_SEED_CBC_SHA</Item>
<Item>TLS_DH_RSA_WITH_SEED_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_SEED_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_SEED_CBC_SHA</Item>
<Item>TLS_DH_anon_WITH_SEED_CBC_SHA</Item>
<Item>TLS_RSA_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_RSA_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_DH_RSA_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_DH_RSA_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_DH_DSS_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_DH_DSS_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_DH_anon_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_DH_anon_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_PSK_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_PSK_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_RSA_PSK_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_RSA_PSK_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_PSK_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_PSK_WITH_AES_256_CBC_SHA384</Item>
<Item>TLS_PSK_WITH_NULL_SHA256</Item>
<Item>TLS_PSK_WITH_NULL_SHA384</Item>
<Item>TLS_DHE_PSK_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DHE_PSK_WITH_AES_256_CBC_SHA384</Item>
<Item>TLS_DHE_PSK_WITH_NULL_SHA256</Item>
<Item>TLS_DHE_PSK_WITH_NULL_SHA384</Item>
<Item>TLS_RSA_PSK_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_RSA_PSK_WITH_AES_256_CBC_SHA384</Item>
<Item>TLS_RSA_PSK_WITH_NULL_SHA256</Item>
<Item>TLS_RSA_PSK_WITH_NULL_SHA384</Item>
<Item>TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256</Item>
<Item>TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256</Item>
<Item>TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256</Item>
<Item>TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256</Item>
<Item>TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256</Item>
<Item>TLS_EMPTY_RENEGOTIATION_INFO_SCSV</Item>
<Item>TLS_ECDH_ECDSA_WITH_NULL_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_NULL_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_NULL_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_NULL_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDH_anon_WITH_NULL_SHA</Item>
<Item>TLS_ECDH_anon_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDH_anon_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDH_anon_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_SRP_SHA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_SRP_SHA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</Item>
<Item>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</Item>
<Item>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384</Item>
<Item>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256</Item>
<Item>TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384</Item>
<Item>TLS_ECDHE_PSK_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384</Item>
<Item>TLS_ECDHE_PSK_WITH_NULL_SHA</Item>
<Item>TLS_ECDHE_PSK_WITH_NULL_SHA256</Item>
<Item>TLS_ECDHE_PSK_WITH_NULL_SHA384</Item>
<Item>TLS_RSA_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_RSA_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_DH_anon_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_DH_anon_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_RSA_WITH_ARIA_128_GCM_SHA256</Item>
<Item>TLS_RSA_WITH_ARIA_256_GCM_SHA384</Item>
<Item>TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256</Item>
<Item>TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384</Item>
<Item>TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256</Item>
<Item>TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384</Item>
<Item>TLS_DH_anon_WITH_ARIA_128_GCM_SHA256</Item>
<Item>TLS_DH_anon_WITH_ARIA_256_GCM_SHA384</Item>
<Item>TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256</Item>
<Item>TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384</Item>
<Item>TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256</Item>
<Item>TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384</Item>
<Item>TLS_PSK_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_PSK_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_PSK_WITH_ARIA_128_GCM_SHA256</Item>
<Item>TLS_PSK_WITH_ARIA_256_GCM_SHA384</Item>
<Item>TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256</Item>
<Item>TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384</Item>
<Item>TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384</Item>
<Item>TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384</Item>
<Item>TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384</Item>
<Item>TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384</Item>
<Item>TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384</Item>
<Item>TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256</Item>
<Item>TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384</Item>
<Item>TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256</Item>
<Item>TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384</Item>
<Item>TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256</Item>
<Item>TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384</Item>
<Item>TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256</Item>
<Item>TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384</Item>
<Item>TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256</Item>
<Item>TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384</Item>
<Item>TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256</Item>
<Item>TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384</Item>
<Item>TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256</Item>
<Item>TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384</Item>
<Item>TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256</Item>
<Item>TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384</Item>
<Item>TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384</Item>
<Item>TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384</Item>
<Item>TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384</Item>
<Item>TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256</Item>
<Item>TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384</Item>
<Item>TLS_RSA_WITH_AES_128_CCM</Item>
<Item>TLS_RSA_WITH_AES_256_CCM</Item>
<Item>TLS_RSA_WITH_AES_128_CCM_8</Item>
<Item>TLS_RSA_WITH_AES_256_CCM_8</Item>
<Item>TLS_PSK_WITH_AES_128_CCM</Item>
<Item>TLS_PSK_WITH_AES_256_CCM</Item>
<Item>TLS_PSK_WITH_AES_128_CCM_8</Item>
<Item>TLS_PSK_WITH_AES_256_CCM_8</Item>
</Array>
</Set>
Idempiere-4492 update library (eclipse-4.17, jasper 6-15, jetty-9.4.33, atmosphere-2.6.4) (#331) * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15 * IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration) update to default jetty configuration delete unused configuration (alpn, http2,..) * IDEMPIERE-4492 update orbit eclipse repository to 4.17 * IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom) * IDEMPIERE-4492 update jasper to 6.15.0 * IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504) get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version) but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1 * IDEMPIERE-4492 update atmosphere to 2.6.4 * IDEMPIERE-4492 refine target platform use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl + don't need to care update bundle version when update repository + at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional so it make target content has more plugins than what we use on project next step will convert include feature to include plugins to define only what we used * IDEMPIERE-4492 refine target platform (continue) don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform remove some unused feature from idempiere product * IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
2020-10-31 05:53:36 +07:00
<Set name="ExcludeProtocols">
<Array type="java.lang.String">
<Item>SSL</Item>
<Item>SSLv2</Item>
<Item>SSLv2Hello</Item>
<Item>SSLv3</Item>
</Array>
</Set>
<!-- Example of how to configure a PKIX Certificate Path revocation Checker
<Call id="pkixPreferCrls" class="java.security.cert.PKIXRevocationChecker$Option" name="valueOf"><Arg>PREFER_CRLS</Arg></Call>
<Call id="pkixSoftFail" class="java.security.cert.PKIXRevocationChecker$Option" name="valueOf"><Arg>SOFT_FAIL</Arg></Call>
<Call id="pkixNoFallback" class="java.security.cert.PKIXRevocationChecker$Option" name="valueOf"><Arg>NO_FALLBACK</Arg></Call>
<Call class="java.security.cert.CertPathBuilder" name="getInstance">
<Arg>PKIX</Arg>
<Call id="pkixRevocationChecker" name="getRevocationChecker">
<Call name="setOptions">
<Arg>
<Call class="java.util.EnumSet" name="of">
<Arg><Ref refid="pkixPreferCrls"/></Arg>
<Arg><Ref refid="pkixSoftFail"/></Arg>
<Arg><Ref refid="pkixNoFallback"/></Arg>
</Call>
</Arg>
</Call>
</Call>
</Call>
<Set name="PkixCertPathChecker"><Ref refid="pkixRevocationChecker"/></Set>
-->
</Configure>