Add ability to configure client TLS enabled protocol versions and cipher suites via Spring properties #635
Labels
status: ideal-for-contribution
An issue that a contributor can help us with
type: enhancement
A general enhancement
Milestone
Comments
|
Sounds good. We have a config class for ssl that we use to configure the ssl context. Feel free to submit a pull request. |
mp911de
added
status: ideal-for-contribution
|
Great, I've already spent some time implementing this, I'll try and finish it off in the next little while. |
mryangza
added a commit
to mryangza/spring-vault
that referenced
this issue
Mar 15, 2021
suites via Spring properties - Adding the ability to explicitly configure the enabled SSL protocol versions and cipher suites used by the Vault HTTP client via the following Spring properties: * vault.ssl.enabled-protocols * vault.ssl.enabled-cipher-suites - Properties should be a comma-separated list of String constants that correspond to those used by the enabled SSL provider. Closes spring-projectsgh-635
mryangza
added a commit
to mryangza/spring-vault
that referenced
this issue
Mar 15, 2021
suites via Spring properties - Adding the ability to explicitly configure the enabled SSL protocol versions and cipher suites used by the Vault HTTP client via the following Spring properties: * vault.ssl.enabled-protocols * vault.ssl.enabled-cipher-suites - Properties should be a comma-separated list of String constants that correspond to those used by the enabled SSL provider. Closes spring-projectsgh-635
mp911de
pushed a commit
that referenced
this issue
Mar 16, 2021
…her suites via Spring properties. - Adding the ability to explicitly configure the enabled SSL protocol versions and cipher suites used by the Vault HTTP client via the following Spring properties: * vault.ssl.enabled-protocols * vault.ssl.enabled-cipher-suites - Properties should be a comma-separated list of String constants that correspond to those used by the enabled SSL provider. Closes gh-635 Original pull request: gh-640.
This was referenced Mar 16, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It would be useful if the enabled TLS protocol versions and cipher suites used by an HTTP client to Vault could be configurable via Spring properties (bound to the
org.springframework.vault.support.SslConfigurationclass). These could then be set on the SSL socket factory created by the underlying request factories created via theorg.springframework.vault.client.ClientHttpRequestFactoryFactoryclass. It looks like Apache HTTP Components and Netty support setting this via their builders, I am unsure whether OkHttp does. It might require a custom SSL socket factory wrapper that decorates the sockets as they are created (before they are connected).Thoughts? I am happy to attempt a PR.
The text was updated successfully, but these errors were encountered: