http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
Attribute Description
algorithm |
The certificate encoding algorithm to be used. This defaults to |
clientAuth |
Set to |
clientCertProvider |
When client certificate information is presented in a form other than instances of |
keystoreFile |
The pathname of the keystore file where you have stored the server certificate to be loaded. By default, the pathname is the file " |
keystorePass |
The password used to access the server certificate from the specified keystore file. The default value is " |
keystoreType |
The type of keystore file to be used for the server certificate. If not specified, the default value is " |
keystoreProvider |
The name of the keystore provider to be used for the server certificate. If not specified, the list of registered providers is traversed in preference order and the first provider that supports the |
sslProtocol |
The version of the SSL protocol to use. If not specified, the default is " |
ciphers |
The comma-separated list of encryption ciphers that this socket is allowed to use. By default, the default ciphers for the JVM will be used. Note that this usually means that the weak export-grade ciphers will be included in the list of available ciphers. The ciphers are specified using the JSSE cipher naming convention. |
keyAlias |
The alias used for the server certificate in the keystore. If not specified, the first key read in the keystore will be used. |
trustManagerClassName |
The name of a custom trust manager class to use to validate client certificates. The class must have a zero argument constructor and must also implement |
truststoreFile |
The trust store file to use to validate client certificates. The default is the value of the |
truststorePass |
The password to access the trust store. The default is the value of the |
truststoreType |
The type of key store used for the trust store. The default is the value of the |
truststoreProvider |
The name of the truststore provider to be used for the server certificate. The default is the value of the |
sessionCacheSize |
The number of SSL sessions to maintain in the session cache. Use 0 to specify an unlimited cache size. If not specified, a default of 0 is used. |
sessionTimeout |
The time, in seconds, after the creation of an SSL session that it will time out. Use 0 to specify an unlimited timeout. If not specified, a default of 86400 (24 hours) is used. |
crlFile |
The certificate revocation list file to use to validate client certificates. |
allowUnsafeLegacyRenegotiation |
Whether unsafe legacy TLS renegotiation is allowed. Allowing it is likely to expose users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS protocol that allows an attacker to inject arbitrary data into the user's request. If not specified, a default of |
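
An added example, not part of the Tomcat documentation: a small Python audit that reads a `server.xml` and flags the risky SSL settings the table describes (unset `ciphers`, weak suites in the list, `allowUnsafeLegacyRenegotiation`, unset `keyAlias`). The sample XML, its paths and the `audit_connectors` helper are constructed for illustration; matching `_NULL_` and `_anon_` suites goes beyond the export-grade ciphers the page mentions, and an absent `allowUnsafeLegacyRenegotiation` is assumed to mean disabled.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (sample data, not from the Tomcat docs).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/example.jks" keyAlias="tomcat"
               allowUnsafeLegacyRenegotiation="true"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/example.jks"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>
"""

# Substrings that mark weak suites in JSSE cipher names (export-grade,
# no encryption, unauthenticated key exchange).
WEAK_MARKERS = ("_EXPORT_", "_NULL_", "_anon_")


def audit_connectors(server_xml):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector: SSL attributes do not apply
        port = conn.get("port", "?")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # JVM default list is used, which usually includes export-grade suites.
            findings.append((port, "ciphers not set: JVM default ciphers apply"))
        else:
            for suite in (c.strip() for c in ciphers.split(",")):
                if any(marker in suite for marker in WEAK_MARKERS):
                    findings.append((port, "weak cipher listed: " + suite))
        # Assumption: an absent attribute means renegotiation is not allowed.
        if conn.get("allowUnsafeLegacyRenegotiation", "false").lower() == "true":
            findings.append((port, "allowUnsafeLegacyRenegotiation=true (CVE-2009-3555)"))
        if conn.get("keyAlias") is None:
            # Without keyAlias the first key read in the keystore is served.
            findings.append((port, "keyAlias not set: first key in keystore is used"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(port, finding)
```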