How can I disable TLSv1.0 with spring boot and embedded tomcat?

Question

I want to de-activate TLSv1.0 with spring boot(release 1.3.3), but it doesn\'t work if application.yml as below:

ssl: protocol: TLSv1.2 key-store: /E:/

Answer 1

A way that i found is to set ciphers that are supported only by TLSv1.2. Ex: If you will put in application.yml

server.ssl.ciphers:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

And the using CURL

openssl s_client -connect example.com:443 -tls1

You will see that request will be ignored / rejected because that cipher that you set in application.yml will validate only TLSv1.2 requests.