Which TLS version does Netty support? TLS 1.0, 1.1 or 1.2? I looked at http://netty.io/5.0/xref/io/netty/handler/ssl/SslHandler.html but it doesn't say which version exactly.
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
It may depend upon a few things. For example:
1) What version of java are you using and are you using Netty as a client or server?
Java 1.7 enables TLS 1.2 in server mode but disables it in client mode by default. See https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls for reference.
2) Are you using the Java or OpenSSL JNI providers?
That java provider will have the typical java configuration but the OpenSSL provider will depend upon the version of OpenSSL you link in.
3) What version of Netty are you using?
I am not too familiar with the 3.9x branches so you will have to investigate if they are consistent with 4.x and 5.0.
For a common use case (Java 8, Netty Server, Java ssl providers, netty 4.x or 5.x) Netty will support TLS 1.0, 1.1, 1.2 as defined here if they are supported by the SSLEngine you configure in your pipeline.
回答2:
Netty uses Java SSL engine internally as follows inside it's handler chain.
pipeline.addLast("ssl", new SslHandler(sslEngine)); So the TLS version it supports depends on the JDK version you use. For an example if you sre using JDK 1.6, it supports TLSv1 where as JDK 1.7 supports, TLSv1,TLSv1.1,TLSv1.2.
Regards, Ravindra.