[#1570] Allow setting of SSL ciphers as configuration option

commit d825525c1dbec11964d74b7cc6eaac65ff2b1c03 1 parent c130625
Alexander Reelsen authored July 19, 2012
9  documentation/manual/configuration.textile
@@ -821,6 +821,15 @@ HTTP server maximum content length for response streaming, in bytes.
821 821
 Default: none - no maximum.
822 822
 
823 823
 
  824
+h3(#play.ssl.enabledCiphers). play.ssl.enabledCiphers
  825
+
  826
+This setting allows to specify certain SSL ciphers to be used. This might be needed in case you have to be PCI compliant, as some ciphers in the default settings are vulnerable to the so-called BEAST attack.
  827
+
  828
+bc. play.ssl.enabledCiphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA
  829
+
  830
+Default: none - the default ciphers are chosen.
  831
+
  832
+
824 833
 h3(#play.pool). play.pool
825 834
 
826 835
 Execution pool size. Try to keep this as low as possible. Setting this to 1 thread will serialise all requests (very useful for debugging purpose). For example:
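Review bot: The example on the bc. line enables only two RC4 suites, one of them MD5-based, and the new paragraph says neither why RC4 is the choice nor what format the value takes. Suggest stating that the value is a comma-separated list of JSSE cipher suite names as the JVM reports them, that BEAST concerns the CBC-mode suites in SSL 3.0/TLS 1.0 (which is why the example falls back to RC4), and that RC4 has weaknesses of its own, so the list should be revisited as the JVM offers better suites. "This setting allows to specify" reads better as "This setting lets you specify", and the Default line could say that the JVM's default enabled suites are used.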
5  framework/src/play/server/ssl/SslHttpServerPipelineFactory.java
@@ -22,12 +22,17 @@ public ChannelPipeline getPipeline() throws Exception {
22 22
 
23 23
         Integer max = Integer.valueOf(Play.configuration.getProperty("play.netty.maxContentLength", "-1"));
24 24
         String mode = Play.configuration.getProperty("play.netty.clientAuth", "none");
  25
+        String enabledCiphers = Play.configuration.getProperty("play.ssl.enabledCiphers", "");
25 26
 
26 27
         ChannelPipeline pipeline = pipeline();
27 28
 
28 29
         // Add SSL handler first to encrypt and decrypt everything.
29 30
         SSLEngine engine = SslHttpServerContextFactory.getServerContext().createSSLEngine();
30 31
         engine.setUseClientMode(false);
  32
+
  33
+        if (enabledCiphers != null && enabledCiphers.length() > 0) {
  34
+            engine.setEnabledCipherSuites(enabledCiphers.replaceAll(" ", "").split(","));
  35
+        }
31 36
         
32 37
         if ("want".equalsIgnoreCase(mode)) {
33 38
             engine.setWantClientAuth(true);
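Review bot: The value passed to engine.setEnabledCipherSuites(...) in the new if block is not validated, so a misspelled or JVM-unsupported suite name, or an empty entry produced by a doubled or leading comma, makes it throw IllegalArgumentException inside getPipeline(), which surfaces when a connection is set up rather than at startup. Suggest checking each name against engine.getSupportedCipherSuites() and rejecting unknown names with a clear configuration error in the log. replaceAll(" ", "") strips only spaces; trimming each element after split(",") would also handle tabs, and the enabledCiphers != null test is redundant because getProperty is given "" as its default.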
