Question: How to enable TLSv1.0 for embedded server? #925
Comments
There is a PCI Data Security Standard that recommends disabling TLSv1.0. But if you really want to use this protocol version, Spark 2.6.0 comes with the option of using a configurable embedded Jetty server. I asked a question in the past (#914) when I needed access to SSLContext to customize my connector (pretty close to what you need) and found that there was an issue with custom connectors added to the custom embedded server being overwritten by the default ones. The issue generated a PR (#915) to overcome it, and since it was accepted, custom connectors can be used. The Spark documentation has a great starting point here to guide you through the basics of configurable embedded Jetty servers. After that, here you can find information and examples about adding SSL support to your embedded Jetty server. Remember that your SSLContextFactory has the setIncludeProtocols method and you can specify your desired version with it. You also have a bunch of methods to configure the connector as you wish. Try this sort of solution and it will solve your issue.
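A check worth running before wiring a protocol list into `setIncludeProtocols`, as an added example that is not part of the thread or of Spark's code: recent JDK releases disable TLSv1 and TLSv1.1 through the `jdk.tls.disabledAlgorithms` security property, so a protocol can be on the include list and still never be negotiated. The class name and the include list below are assumptions for illustration; only JDK APIs are used.

```java
import java.security.Security;
import java.util.*;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class TlsProtocolCheck {
    // Split jdk.tls.disabledAlgorithms into its entries,
    // e.g. "SSLv3, TLSv1, TLSv1.1, RC4, DH keySize < 1024".
    static Set<String> disabledEntries(String property) {
        Set<String> out = new HashSet<>();
        if (property != null) {
            for (String e : property.split(",")) {
                out.add(e.trim().toUpperCase(Locale.ROOT));
            }
        }
        return out;
    }

    // Protocols from the include list that the JVM both supports and has not disabled.
    static List<String> usable(String[] include, String[] supported, String disabledProperty) {
        Set<String> sup = new HashSet<>(Arrays.asList(supported));
        Set<String> disabled = disabledEntries(disabledProperty);
        List<String> ok = new ArrayList<>();
        for (String p : include) {
            if (sup.contains(p) && !disabled.contains(p.toUpperCase(Locale.ROOT))) {
                ok.add(p);
            }
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // Assumed include list: the values you plan to pass to setIncludeProtocols.
        String[] include = {"TLSv1", "TLSv1.1", "TLSv1.2"};
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");

        System.out.println("supported by JVM        : " + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled by default      : " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("jdk.tls.disabledAlgorithms: " + disabled);
        System.out.println("usable from include list: "
                + usable(include, engine.getSupportedProtocols(), disabled));
    }
}
```

If `TLSv1` is missing from the last line, the include list alone will not bring it back; listing only the versions the clients actually need keeps the exposure to the older protocol as narrow as possible.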
@tcervi Thanks for the detailed answer! Let me try it out.
The custom connector successfully worked, closing the issue.
As TLSv1.2 is not supported/enabled on some old Android devices (API < 20), I was wondering if there's a way to let the embedded server enable TLSv1.0?
Thanks in advance.