-
Notifications
You must be signed in to change notification settings - Fork 40.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable the restriction of supported TLS protocols and ciphers suites … #4823
Conversation
…via Ssl arg on Undertow factory; Added simple Unit tests
Thanks. Have you signed the CLA? |
Hi! I'm waiting for my employer's feedback on that.. :) |
Yes, I have signed it: 157820160108113150 Regards, From: Phil Webb [mailto:notifications@github.com] Thanks. Have you signed the CLAhttps://github.com/spring-projects/spring-boot/blob/master/CONTRIBUTING.adoc#sign-the-contributor-license-agreement? — |
@pscosta I don't think we can merge this without also supporting it with Tomcat and Jetty. Would you like to add that to this PR? |
…y; Added Unit tests
@wilkinsona I have added support for Tomcat and Jetty. |
@pscosta Great stuff. Thanks very much |
See #2109 |
* gh-4823: Polish contribution Make TLS protocols and cipher suites configurable via the environemnt
@pscosta Thanks again for the pull request. I've merged in into master and it'll be in 1.4.0.M1. |
Hi, So if have the following yml:
With the appropriate key-alias and key-store information it should then disable TLS1 and TLS1.1 ? Thanks |
It's
Try to connect using a protocol that isn't enabled. This isn't Spring Boot-specific. One way to do that would be with |
Hi, Christophe |
@ouaibsky I'm afraid not. 1.3.x is in "bug fix only" mode and this is definitely an enhancement. |
ok, thx |
This enables the restriction of supported TLS protocols and ciphers suites while configuring the
UndertowEmbeddedServletContainerFactory
, populating the default Ssl configuration object, without having to go through the Customizers logic.