private boolean anyChangeRequiresRestart(HTTPConnectionHandlerCfg newCfg) {
   return !equals(newCfg.getListenPort(), initConfig.getListenPort())
       || !Objects.equals(newCfg.getListenAddress(), initConfig.getListenAddress())
       || !equals(newCfg.getMaxRequestSize(), currentConfig.getMaxRequestSize())
       || !equals(newCfg.isAllowTCPReuseAddress(), currentConfig.isAllowTCPReuseAddress())
       || !equals(newCfg.isUseTCPKeepAlive(), currentConfig.isUseTCPKeepAlive())
       || !equals(newCfg.isUseTCPNoDelay(), currentConfig.isUseTCPNoDelay())
       || !equals(
           newCfg.getMaxBlockedWriteTimeLimit(), currentConfig.getMaxBlockedWriteTimeLimit())
       || !equals(newCfg.getBufferSize(), currentConfig.getBufferSize())
       || !equals(newCfg.getAcceptBacklog(), currentConfig.getAcceptBacklog())
       || !equals(newCfg.isUseSSL(), currentConfig.isUseSSL())
       || !Objects.equals(
           newCfg.getKeyManagerProviderDN(), currentConfig.getKeyManagerProviderDN())
       || !Objects.equals(newCfg.getSSLCertNickname(), currentConfig.getSSLCertNickname())
       || !Objects.equals(
           newCfg.getTrustManagerProviderDN(), currentConfig.getTrustManagerProviderDN())
       || !Objects.equals(newCfg.getSSLProtocol(), currentConfig.getSSLProtocol())
       || !Objects.equals(newCfg.getSSLCipherSuite(), currentConfig.getSSLCipherSuite())
       || !Objects.equals(newCfg.getSSLClientAuthPolicy(), currentConfig.getSSLClientAuthPolicy());
 }
  private SSLContext createSSLContext(HTTPConnectionHandlerCfg config) throws Exception {
    if (!config.isUseSSL()) {
      return null;
    }

    DN keyMgrDN = config.getKeyManagerProviderDN();
    KeyManagerProvider<?> keyManagerProvider = DirectoryServer.getKeyManagerProvider(keyMgrDN);
    if (keyManagerProvider == null) {
      logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName);
      logger.warn(INFO_DISABLE_CONNECTION, friendlyName);
      keyManagerProvider = new NullKeyManagerProvider();
      enabled = false;
    } else if (!keyManagerProvider.containsAtLeastOneKey()) {
      logger.error(ERR_INVALID_KEYSTORE, friendlyName);
      logger.warn(INFO_DISABLE_CONNECTION, friendlyName);
      enabled = false;
    }

    final SortedSet<String> aliases = new TreeSet<>(config.getSSLCertNickname());
    final KeyManager[] keyManagers;
    if (aliases.isEmpty()) {
      keyManagers = keyManagerProvider.getKeyManagers();
    } else {
      final Iterator<String> it = aliases.iterator();
      while (it.hasNext()) {
        if (!keyManagerProvider.containsKeyWithAlias(it.next())) {
          logger.error(ERR_KEYSTORE_DOES_NOT_CONTAIN_ALIAS, aliases, friendlyName);
          it.remove();
        }
      }
      if (aliases.isEmpty()) {
        logger.warn(INFO_DISABLE_CONNECTION, friendlyName);
        enabled = false;
      }
      keyManagers =
          SelectableCertificateKeyManager.wrap(keyManagerProvider.getKeyManagers(), aliases);
    }

    DN trustMgrDN = config.getTrustManagerProviderDN();
    TrustManagerProvider<?> trustManagerProvider =
        DirectoryServer.getTrustManagerProvider(trustMgrDN);
    if (trustManagerProvider == null) {
      trustManagerProvider = new NullTrustManagerProvider();
    }

    SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
    sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null);
    return sslContext;
  }