setting ssl keystore at runtime in Jetty

Question

Is it possible to change keystore at runtime? Currently I am setting up SSL before I do a server.start() -

sslContextFactory.setTrustStore(ks);
sslContextFactor         


        

Answer 1

This has been fixed since Jetty 9.4.0, see https://github.com/eclipse/jetty.project/issues/918. You can now just override the Key/TrustStore etc. and call SslContextFactory.reload.

Note however there is a caveat with TLS session resumption: https://github.com/eclipse/jetty.project/issues/918#issuecomment-250791417. According to the comments, it shouldn't be an issue with common browsers, but who knows about IE, Mobile, non-browser clients, etc.