How can I disable TLSv1.0 with spring boot and embedded tomcat?

日久生厌 2021-01-05 15:02

I want to deactivate TLSv1.0 with Spring Boot (release 1.3.3), but it doesn't work with application.yml as below:

    ssl:
      protocol: TLSv1.2
      key-store: /E:/

4 answers
  •  遥遥无期
    2021-01-05 15:36

    The most transparent and readable way is to explicitly configure the valid TLS protocols in your application configuration file by excluding - of course - the unwanted ones.

    e.g. in YAML

    server.ssl.enabled-protocols: TLSv1.1,TLSv1.2
    

    You can then start your server and check whether TLSv1.0 is working by performing the following:

    openssl s_client -connect localhost:443 -tls1
    

    The above connection should be rejected, whereas the following two will be accepted and print the certificate's details:

    openssl s_client -connect localhost:443 -tls1_1
    openssl s_client -connect localhost:443 -tls1_2
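
The check described in the answer above, as an added example that is not part of the original post: a shell script that runs the same three `openssl s_client` probes and separates a real rejection from a probe that proves nothing, such as a local OpenSSL build that cannot offer the protocol or a server that is not reachable. The function names, the constructed sample outputs and the choice of matched error strings are assumptions of this example.

```shell
# Added example: run the three s_client probes and classify each result.

# Map raw s_client output to accepted / rejected / inconclusive.
classify_handshake() {
    case "$1" in
        # Local client cannot offer the protocol, or the server is unreachable:
        *"nknown option"*|*"no protocols available"*|*"connect:errno"*)
            echo inconclusive ;;
        # Handshake ended with no cipher negotiated: this version was not accepted.
        *"Cipher is (NONE)"*) echo rejected ;;
        # A cipher was negotiated: the server accepted this version.
        *"Cipher is "*) echo accepted ;;
        *) echo inconclusive ;;
    esac
}

# Expected result per flag when only TLSv1.1 and TLSv1.2 are enabled.
expected_for() {
    case "$1" in
        -tls1) echo rejected ;;
        -tls1_1|-tls1_2) echo accepted ;;
    esac
}

# Probe one endpoint (host:port) with every flag; non-zero return on any mismatch.
probe_all() {
    target=$1; status=0
    for flag in -tls1 -tls1_1 -tls1_2; do
        out=$(openssl s_client -connect "$target" "$flag" </dev/null 2>&1) || true
        got=$(classify_handshake "$out")
        want=$(expected_for "$flag")
        if [ "$got" = "$want" ]; then mark=OK; else mark=FAIL; status=1; fi
        printf '%-8s expected=%-9s got=%-12s %s\n' "$flag" "$want" "$got" "$mark"
    done
    return $status
}

# Constructed sample outputs (not captured from a real server), for offline checks.
SAMPLE_REJECTED='CONNECTED(00000003)
no peer certificate available
New, (NONE), Cipher is (NONE)'
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_DOWN='connect:errno=111'

# Probe a live endpoint only when one is given, e.g.: sh check_tls.sh localhost:443
if [ "$#" -gt 0 ]; then probe_all "$1"; fi
```

An `inconclusive` result for `-tls1` means the probe has to be repeated from a client that can still offer TLSv1.0 before the setting is considered verified.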
    
