NettyWebServer uses a deprecated constructor for JdkSslContext

Environment Details

  • Helidon Version: 1.0.1
  • Helidon SE
  • JDK version: irrelevant
  • OS: irrelevant
  • Docker version (if applicable): irrelevant

Problem Description

We would like to use Helidon, but with a restricted TLS version (1.2). Helidon does not allow this, and also uses a deprecated constructor of JdkSslContext in NettyWebServer.java. Please change to use the non-deprecated constructor, and also make it configurable which protocols to enable / use.

Steps to reproduce

“Step by step instructions to reproduce the problem”

Start WebServer, do openssl s_client -connect localhost:port -tls1; this should fail if set up with “TLSv1.2”.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 8 (3 by maintainers)

Top GitHub Comments

1 reaction
romain-grecourt commented, Apr 10, 2019

This will be part of the next release, most likely next week or so.

0 reactions
romain-grecourt commented, Apr 17, 2019

Most of the suggested implementation was kept, except the attribute changed from String[] to a Set<String> and config mapping was added.

However, I forgot to add a new method to ServerConfiguration.Builder (oops); this is a bug that will be fixed promptly.

Basically this means that in v1.0.3 you can’t set the SSL enabled protocols for the default socket programmatically.

You can do it with configuration like this:

server:
  port: 8080
  host: 0.0.0.0
  ssl-protocols:
    - "TLSv1.2"
  ssl:
    private-key:
      keystore-resource-path: "xxx"
      keystore-passphrase: "xxx"

You can also configure an additional socket for SSL, programmatically or by config:

ServerConfiguration serverConfig = ServerConfiguration.builder()
        .addSocket("secure", SocketConfiguration.builder()
                .port(8081)
                .enabledSSlProtocols("TLSv1.2"))
        .build();

server:
  port: 8080
  host: 0.0.0.0
  sockets:
    secure:
      port: 8082
      host: 0.0.0.0
      ssl-protocols:
        - "TLSv1.2"
      ssl:
        private-key:
          keystore-resource-path: "xxx"
          keystore-passphrase: "xxx"

Note the inconsistency in the configuration with “ssl-protocols” and “ssl”. We will re-work the SSL configuration sometime soon to address that and the way to configure the SSL enabled protocols will change then.
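
One way to pass a configured protocol set to Netty's non-deprecated JdkSslContext constructor, as an added example that is not Helidon's code and not part of the issue thread. The class name RestrictedTlsContext and the helper serverContext are hypothetical, the JDK default SSLContext stands in for one built from a keystore, and a Netty 4.1 release that has the eight-argument constructor is assumed to be on the classpath.

```java
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

public final class RestrictedTlsContext {

    /** Hypothetical helper: wraps a JDK SSLContext so that only {@code protocols} are enabled. */
    static JdkSslContext serverContext(SSLContext jdkContext, Set<String> protocols) {
        if (protocols.isEmpty()) {
            throw new IllegalArgumentException("no TLS protocol configured; refusing to use defaults");
        }
        // Reject a typo or a protocol this JDK does not implement before the server starts.
        Set<String> supported = new LinkedHashSet<>(
                Arrays.asList(jdkContext.getSupportedSSLParameters().getProtocols()));
        for (String p : protocols) {
            if (!supported.contains(p)) {
                throw new IllegalArgumentException("unsupported protocol " + p + ", JDK offers " + supported);
            }
        }
        return new JdkSslContext(
                jdkContext,
                false,                               // isClient: this is the server side
                null,                                // ciphers: null keeps Netty's default list
                IdentityCipherSuiteFilter.INSTANCE,
                (ApplicationProtocolConfig) null,    // no ALPN/NPN configuration
                ClientAuth.NONE,
                protocols.toArray(new String[0]),    // the enabled-protocol allow-list
                false);                              // startTls
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the default context has no server key, so it only shows the protocol list.
        JdkSslContext ctx = serverContext(SSLContext.getDefault(), Collections.singleton("TLSv1.2"));
        SSLEngine engine = ctx.newEngine(ByteBufAllocator.DEFAULT);
        System.out.println(Arrays.toString(engine.getEnabledProtocols()));
    }
}
```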
