Enable the restriction of supported TLS protocols and ciphers suites … #4823

Closed
wants to merge 3 commits into from

@pscosta pscosta commented Dec 21, 2015

This enables the restriction of supported TLS protocols and cipher suites while configuring the UndertowEmbeddedServletContainerFactory, populating the default Ssl configuration object, without having to go through the Customizers logic.

…via Ssl arg on Undertow factory; Added simple Unit tests
@spring-projects-issues added the "status: waiting-for-triage" label Dec 21, 2015
@philwebb
Member

Thanks. Have you signed the CLA?

@philwebb added the "status: waiting-for-feedback" label and removed the "status: waiting-for-triage" label Dec 23, 2015
@pscosta
Author

pscosta commented Dec 26, 2015

Hi! I'm waiting for my employer's feedback on that.. :)

@pscosta
Author

pscosta commented Jan 8, 2016

Yes, I have signed it: 157820160108113150

Regards,
Pedro Costa

From: Phil Webb [mailto:notifications@github.com]
Sent: Wednesday, December 23, 2015 7:30 PM
To: spring-projects/spring-boot
Cc: Costa, Pedro (EXT-RandstadTechnologies - PT/Lisbon)
Subject: Re: [spring-boot] Enable the restriction of supported TLS protocols and ciphers suites … (#4823)

Thanks. Have you signed the CLA <https://github.com/spring-projects/spring-boot/blob/master/CONTRIBUTING.adoc#sign-the-contributor-license-agreement>?



@wilkinsona removed the "status: waiting-for-feedback" label Jan 9, 2016
@wilkinsona
Member

@pscosta I don't think we can merge this without also supporting it with Tomcat and Jetty. Would you like to add that to this PR?

@wilkinsona wilkinsona added the status: waiting-for-feedback We need additional information before we can continue label Jan 16, 2016
@pscosta
Author

pscosta commented Feb 1, 2016

@wilkinsona I have added support for Tomcat and Jetty.

@wilkinsona
Member

@pscosta Great stuff. Thanks very much

@wilkinsona added the "type: enhancement" label and removed the "status: waiting-for-feedback" label Feb 2, 2016
@wilkinsona
Member

See #2109

@wilkinsona added this to the 1.4.0.M1 milestone Feb 2, 2016
@wilkinsona self-assigned this Feb 19, 2016
wilkinsona added a commit that referenced this pull request Feb 19, 2016
* gh-4823:
  Polish contribution
  Make TLS protocols and cipher suites configurable via the environment
@wilkinsona
Member

@pscosta Thanks again for the pull request. I've merged it into master and it'll be in 1.4.0.M1.

@whgibbo

whgibbo commented Mar 17, 2016

Hi,
Am I right in thinking that the property is security.ssl.enabledProtocols?

So if I have the following yml:

server:
    port: 8443
    ssl:
        enabled: true
        protocol: TLS
        enabledProtocols: 
            - TLSv1.2

With the appropriate key-alias and key-store information it should then disable TLS1 and TLS1.1?
What is the best way to verify that it is disabled?

Thanks

@wilkinsona
Member

> Am I right in thinking that the property is security.ssl.enabledProtocols?

It's server.ssl.enabledProtocols (as you have in your YAML).

> What is the best way to verify that it is disabled?

Try to connect using a protocol that isn't enabled. This isn't Spring Boot-specific. One way to do that would be with openssl on the command line. If you Google, you'll find lots of examples.
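
One way to run the check described in the reply above, as an added example (not code from Spring Boot or from anyone in this thread): it sends a raw ClientHello capped at each protocol version and reads the server's first record, so the result does not depend on the local TLS library, which may itself refuse TLS 1.0 and 1.1. The helper names, the cipher suite list and the localhost:8443 target are assumptions, and no SNI extension is sent.

```python
import os, socket, struct

VERSIONS = {"TLSv1": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
# Added example, illustrative names. Common ECDHE/RSA suites (GCM and CBC) plus
# the renegotiation SCSV (00ff), so a refusal is about the version, not the cipher.
SUITES = bytes.fromhex("c02fc02bc030c02cc013c014c009c00a009c009d002f003500ff")

def ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def client_hello(version):
    """Build a ClientHello record whose highest offered version is `version`."""
    exts = (ext(0x000A, bytes.fromhex("0006001d00170018"))  # supported_groups
            + ext(0x000B, bytes.fromhex("0100"))            # ec_point_formats
            + ext(0x000D, bytes.fromhex("000a08040401040305010201")))  # signature_algorithms
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"    # version, random, no session id
            + struct.pack("!H", len(SUITES)) + SUITES + b"\x01\x00"  # suites, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before replying in full")
        buf += chunk
    return buf

def server_accepts(host, port, name, timeout=5.0):
    """True only if the server selects exactly protocol `name` (e.g. "TLSv1.1").
    Failure to connect and timeouts propagate: unreachable is not 'refused'."""
    version = VERSIONS[name]
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(version))
        try:
            rtype, _, length = struct.unpack("!BHH", recv_exact(sock, 5))
            payload = recv_exact(sock, length)
        except ConnectionError:
            return False  # closed or reset without sending a ServerHello
    # Handshake record (0x16) whose first message is ServerHello (0x02);
    # bytes 4-5 of that message are the version the server selected.
    return (rtype == 0x16 and len(payload) >= 6 and payload[0] == 0x02
            and struct.unpack("!H", payload[4:6])[0] == version)

if __name__ == "__main__":
    for proto in VERSIONS:  # assumed target: a local Spring Boot app on port 8443
        print(proto, "accepted" if server_accepts("localhost", 8443, proto) else "refused")
```

With enabledProtocols limited to TLSv1.2 as in the YAML above, the expected result is refused for TLSv1 and TLSv1.1 and accepted for TLSv1.2.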

@ouaibsky

Hi,
Any chance to get this enhancement part of 1.3.X release train?
Thx

Christophe

@philwebb
Member

philwebb commented Jun 14, 2016

@ouaibsky I'm afraid not. 1.3.x is in "bug fix only" mode and this is definitely an enhancement.

@ouaibsky

ok, thx
