I am trying to set the HTTPS SSL cipher suite preference according to the server's preference, rather than having the suite auto-selected as the strongest one supported by both client and server.
You need to tell the connector's underlying protocol handler to use the server's cipher suite order. You can do so with a WebServerFactoryCustomizer:
@Bean
public WebServerFactoryCustomizer<TomcatServletWebServerFactory> servletContainerCustomizer() {
    // Customizer for the embedded Tomcat factory: every connector's protocol
    // handler is told to prefer the server's cipher suite order during the
    // TLS handshake. The cast assumes an HTTP/1.1 protocol handler and is not
    // guarded here (matches the original behaviour).
    return factory -> factory.addConnectorCustomizers(connector -> {
        AbstractHttp11Protocol<?> handler = (AbstractHttp11Protocol<?>) connector.getProtocolHandler();
        handler.setUseServerCipherSuitesOrder(true);
    });
}
Here is my solution with Spring Boot 2.3.4.RELEASE and JDK 1.8; it works fine for me.
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
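@Configuration
public class HttpsConfiguration {

    /**
     * Registers a customizer that applies TLS settings to every HTTP/1.1
     * connector of the embedded Tomcat: server-side cipher suite ordering,
     * a fixed SSL protocol and an explicit cipher list.
     *
     * @return the customizer applied to the {@link TomcatServletWebServerFactory}
     */
    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> servletContainerCustomizer() {
        return factory -> factory.addConnectorCustomizers(HttpsConfiguration::configureTls);
    }

    /**
     * Applies the TLS settings to a single connector.
     *
     * <p>An unconditional cast would throw {@code ClassCastException} for any
     * connector whose protocol handler is not an {@link AbstractHttp11Protocol}
     * (for example an AJP connector), so such connectors are skipped instead.
     *
     * @param connector the Tomcat connector being customized
     */
    private static void configureTls(Connector connector) {
        Object protocolHandler = connector.getProtocolHandler();
        if (!(protocolHandler instanceof AbstractHttp11Protocol<?>)) {
            return; // not an HTTP/1.1 connector: these TLS setters do not apply
        }
        AbstractHttp11Protocol<?> httpHandler = (AbstractHttp11Protocol<?>) protocolHandler;
        // Prefer the server's cipher suite order over the client's during the
        // handshake (the question's goal).
        httpHandler.setUseServerCipherSuitesOrder(true);
        // Pinning the protocol to TLSv1.2 also excludes TLSv1.3 where the
        // JDK/Tomcat combination offers it — confirm that is intended.
        httpHandler.setSSLProtocol("TLSv1.2");
        // The original sets both this and setUseServerCipherSuitesOrder; they are
        // kept together as-is rather than guessing which one Tomcat consults.
        httpHandler.setSSLHonorCipherOrder(true);
        // NOTE(review): TLS_EMPTY_RENEGOTIATION_INFO_SCSV is a signalling value
        // (secure renegotiation), not a cipher suite, and
        // TLS_RSA_WITH_AES_256_GCM_SHA384 uses static RSA key exchange, which
        // provides no forward secrecy. The list is left unchanged here; review it
        // against the deployment's TLS policy.
        httpHandler.setCiphers("TLS_EMPTY_RENEGOTIATION_INFO_SCSV,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384");
    }
}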