Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Option to set TLS protocol version and cipher suites

See original GitHub issue

Is there a way we can set TLS protocol and CipherSuites while creating server. We have a requirement to use TLSv1.2 version and remove cipher suites with 128 keys.

Or Is there a way we can pass SSLEngine with all the required options while creating the server?

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:1
  • Comments:6 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
rossabakercommented, Jan 25, 2020

So to be specific, what’s missing are:

setEnabledCipherSuites(String[] suites)
setEnabledProtocols(String[] protocols)

We have a solution for:

setNeedClientAuth(boolean need)
setWantClientAuth(boolean want)

I don’t think anyone would want to customize:

setEnableSessionCreation(boolean flag)

And nobody should be using:

setUseClientMode(boolean mode)

An SSLContext => F[Unit] would be most flexible, but I think too flexible. I guess the title says it all: we need to add support for protocol version and cipher suites.

1reaction
RafalSumislawskicommented, Apr 27, 2019

I think you can do what you need by providing a custom SSLContext (it is responsible for creating SSLEngine) . See BlazeServerBuilder#withSSLContext.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Transport Layer Security (TLS) registry settings | Microsoft Learn
Learn about supported registry setting information for the Windows implementation of the Transport Layer Security (TLS) protocol.
Read more >
Configuring a Cipher Suites List Using TLS v1.2 and Earlier
The Cipher suites field enables you to specify the list of ciphers to be used in order of preference of use. You can...
Read more >
How to Update Ciphers and TLS Protocols
For ciphers, use the SSL/TLS Cipher Suite List text box. For protocols, use the Options for OpenSSL text box. The protocol list accepts...
Read more >
Configuring Your IBM i System Secure Sockets Layer (SSL ...
v) Enter option 2 next to QSSLCSL to modify the System SSL/TLS cipher suite list and then press ENTER. This step (as well...
Read more >
4.13. Hardening TLS Configuration Red Hat Enterprise Linux 7
The available TLS implementations offer support for various cipher suites that define all the elements that come together when establishing and using TLS...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Request (any Message actually) is not `equals`ed structurally

Next page

Inconsistent "Host header required for HTTP/1.1 request" error