NettyWebServer uses a deprecated constructor for JdkSslContext
See original GitHub issueEnvironment Details
- Helidon Version: 1.0.1
- Helidon SE
- JDK version: irrelevant
- OS: irrelevant
- Docker version (if applicable): irrelevant
Problem Description
We would like to use Helidon, but with a restricted TLS version (1.2). Helidon does not allow this, and also uses a deprecated constructor of JdkSslContext in NettyWebServer.java
.
Please change to use the non deprecated constructor, and also make it configurable which protocols to enable / use
Steps to reproduce
“Step by step instructions to reproduce the problem”
Start WebServer,
do openssl s_client -connect localhost:port -tls1
, this should fail if setup with “TLSv1.2”
Issue Analytics
- State:
- Created 5 years ago
- Reactions:1
- Comments:8 (3 by maintainers)
Top Results From Across the Web
NettyWebServer uses a deprecated constructor for ... - GitHub
Helidon 1.0.1 uses Netty 4.1.30.Final , the JdkSslContext constructor used in NettyWebServer is not deprecated in 4.1.30.Final , but is ...
Read more >io.netty.handler.ssl.JdkSslContext.<init> java code examples
constructor. Best Java code snippets using io.netty.handler.ssl. ... @SuppressWarnings("deprecation") private JdkSslContext toJdkSslContext(ServerConfigData ...
Read more >JdkSslContext (Netty API Reference (4.1.85.Final))
Constructor Summary Deprecated. Deprecated. Creates a new JdkSslContext from a pre-configured SSLContext .
Read more >Deprecated List (Netty/Handler 4.1.14.Final API) - Javadoc.io
Use SslContextBuilder to create JdkSslContext instances and only use JdkSslContext in your code. io.netty.handler.ssl.OpenSslNpnApplicationProtocolNegotiator.
Read more >PageRequest constructors have been deprecated
It's just the constructors which have been deprecated. Instead of new PageRequest(firstResult, maxResults, new Sort(...)) you can now use
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This will be part of the next release, most likely next week or so.
Most of the suggested implementation was kept, except the attribute changed from
String[]
to aSet<String>
and config mapping was added.However I forgot to add a new method to ServerConfiguration.Builder (oops), this is a bug that will be fixed promptly.
Basically this means that in v1.0.3 you can’t set the SSL enabled protocols for the default socket programmatically.
You can do it with configuration like this:
You can also configure an additional socket for SSL, programmatically or by config:
Note the inconsistency in the configuration with “ssl-protocols” and “ssl”. We will re-work the SSL configuration sometime soon to address that and the way to configure the SSL enabled protocols will change then.