Sun Java System Application Server Platform Edition 8.2 Administration Reference

Properties

The following table describes properties for the http-service element, which configure SSL for all http-listener subelements.

Table 1–49 http-service Properties

| Property | Default | Description |
| --- | --- | --- |
| monitoring-cache-enabled | true | If true, enables the monitoring cache. |
| monitoring-cache-refresh-in-millis | 5000 | Specifies the interval between refreshes of the monitoring cache. |
| ssl-cache-entries | 10000 | Specifies the number of SSL sessions to be cached. |
| ssl3-session-timeout | 86400 | Specifies the interval at which SSL3 sessions are cached. |
| ssl-client-auth-data-limit | 1048576 | Specifies the maximum amount of data cached during the handshake phase. |
| ssl-client-auth-timeout | 60 | Specifies the timeout for the client certificate phase. |
| ssl-session-timeout | 100 | Specifies the interval at which SSL2 sessions are cached. |
| keep-alive-query-mean-time | 100 | Specifies the keep-alive latency. |
| keep-alive-query-max-sleep-time | 100 | Specifies the upper limit to the time slept after polling keep-alive connections for further requests. |
| stack-size | depends on operating system | Specifies the maximum stack size of the native thread. |
| authPassthroughEnabled | false | If true, indicates that the http-listener subelements receive traffic from an SSL-terminating proxy server, which is responsible for forwarding any information about the original client request (such as client IP address, SSL keysize, and authenticated client certificate chain) to the HTTP listeners using custom request headers. Each http-listener subelement can override this setting for itself. |
| proxyHandler | com.sun.enterprise.web.ProxyHandlerImpl | Specifies the fully qualified class name of a custom implementation of the com.sun.appserv.ProxyHandler abstract class, which allows a back-end application server instance to retrieve information about the original client request that was intercepted by an SSL-terminating proxy server (for example, a load balancer). An implementation of this abstract class inspects a given request for the custom request headers through which the proxy server communicates the information about the original client request to the Application Server instance, and returns that information to its caller. The default implementation reads the client IP address from an HTTP request header named Proxy-ip, the SSL keysize from an HTTP request header named Proxy-keysize, and the SSL client certificate chain from an HTTP request header named Proxy-auth-cert. The Proxy-auth-cert value must contain the BASE-64 encoded client certificate chain without the BEGIN CERTIFICATE and END CERTIFICATE boundaries and with \n replaced with % d% a. Only used if authPassthroughEnabled is set to true. Each http-listener subelement can override the proxyHandler setting for itself. |
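The Proxy-auth-cert format described for proxyHandler, and the trust that authPassthroughEnabled places in the three Proxy-* headers, shown as an added example that is not part of the original reference or the Application Server's own code. It assumes a single certificate rather than a chain; the function names, the filter, and the sample bytes are constructed for illustration.

```python
import base64
import ssl

SEP = "% d% a"  # newline replacement, spelled exactly as in the proxyHandler description
PASSTHROUGH = ("proxy-ip", "proxy-keysize", "proxy-auth-cert")

# Constructed stand-in for a DER certificate (not a real X.509 structure).
SAMPLE_DER = bytes(range(120))


def encode_proxy_auth_cert(pem: str) -> str:
    """Proxy side: drop the BEGIN/END boundaries, join the base64 lines with SEP."""
    lines = (line.strip() for line in pem.strip().splitlines())
    return SEP.join(l for l in lines if l and not l.startswith("-----"))


def decode_proxy_auth_cert(value: str) -> bytes:
    """Back-end side: header value -> DER bytes.

    Raises ValueError (binascii.Error) if anything other than base64 and SEP
    is present, e.g. leftover boundaries or raw newlines.
    """
    return base64.b64decode(value.replace(SEP, ""), validate=True)


def drop_unproxied_passthrough(headers: dict, peer_ip: str, proxies: set) -> dict:
    """Hypothetical filter in front of a listener with authPassthroughEnabled=true.

    The listener believes Proxy-ip, Proxy-keysize and Proxy-auth-cert, so they
    are kept only when the TCP peer is a known SSL-terminating proxy.
    """
    if peer_ip in proxies:
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in PASSTHROUGH}


if __name__ == "__main__":
    value = encode_proxy_auth_cert(ssl.DER_cert_to_PEM_cert(SAMPLE_DER))
    print("Proxy-auth-cert:", value)
    print("round trip ok:", decode_proxy_auth_cert(value) == SAMPLE_DER)
    # Constructed request that did not arrive through the proxy at 10.0.0.5.
    request = {"Host": "app.example", "Proxy-ip": "203.0.113.9", "Proxy-auth-cert": value}
    print(drop_unproxied_passthrough(request, "198.51.100.7", {"10.0.0.5"}))
```

The same stripping applies at the proxy itself: any Proxy-* header supplied by the original client has to be discarded before the proxy sets its own values.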