diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java
index ed22a715791..9b363a6e618 100644
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java
@@ -42,9 +42,9 @@ public class Ssl {
 private String[] ciphers;
 
 /**
- * Supported SSL protocols.
+ * Enabled SSL protocols.
 */
- private String[] protocols;
+ private String[] enabledProtocols;
 
 /**
 * Alias that identifies the key in the key store.
@@ -173,6 +173,14 @@ public class Ssl {
 this.keyStoreProvider = keyStoreProvider;
 }
 
+ public String[] getEnabledProtocols() {
+ return this.enabledProtocols;
+ }
+
+ public void setEnabledProtocols(String[] enabledProtocols) {
+ this.enabledProtocols = enabledProtocols;
+ }
+
 public String getTrustStore() {
 return this.trustStore;
 }
@@ -213,14 +221,6 @@ public class Ssl {
 this.protocol = protocol;
 }
 
- public String[] getProtocols() {
- return this.protocols;
- }
-
- public void setProtocols(String[] protocols) {
- this.protocols = protocols;
- }
-
 /**
 * Client authentication types.
 */
diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
index 24b6d5adf34..c5de3778d69 100644
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
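Review bot: The new javadoc `Enabled SSL protocols.` on the renamed field does not say what a null value means, although every container factory in this commit applies the value only when it is non-null and otherwise leaves the container's own default protocol set in place, and it does not distinguish the field from `protocol`, which selects the SSLContext rather than restricting the handshake. Suggest `/** Enabled SSL protocols (for example TLSv1.2). When null the embedded container's default protocol set is used. */`, plus a matching javadoc on the `getEnabledProtocols`/`setEnabledProtocols` pair added in the second hunk, which currently has none. Because the third hunk removes `getProtocols`/`setProtocols`, this is a public API rename, and presumably the bound configuration key changes with it, so existing configurations that restricted protocols would silently fall back to container defaults until updated; that deserves a mention in the commit message or release notes.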
@@ -207,13 +207,7 @@ public class JettyEmbeddedServletContainerFactory
 * @param ssl the ssl details.
 */
 protected void configureSsl(SslContextFactory factory, Ssl ssl) {
- //Set the default TLS protocol
 factory.setProtocol(ssl.getProtocol());
-
- //Assign the supported protocols, if provided
- if (ssl.getProtocols() != null) {
- factory.setIncludeProtocols(ssl.getProtocols());
- }
 configureSslClientAuth(factory, ssl);
 configureSslPasswords(factory, ssl);
 factory.setCertAlias(ssl.getKeyAlias());
@@ -221,6 +215,9 @@ public class JettyEmbeddedServletContainerFactory
 if (ssl.getCiphers() != null) {
 factory.setIncludeCipherSuites(ssl.getCiphers());
 }
+ if (ssl.getEnabledProtocols() != null) {
+ factory.setIncludeProtocols(ssl.getEnabledProtocols());
+ }
 configureSslTrustStore(factory, ssl);
 }
 
diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java
index e72ab2df118..6292dffbb35 100644
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java
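Review bot: The new `setIncludeProtocols` call in the second hunk is guarded only against null, so an empty `enabledProtocols` array is handed to Jetty as an empty include list; as far as I recall, Jetty treats an empty include set as "no restriction" and, in either case, still subtracts its default `excludeProtocols`, so a protocol listed here that Jetty excludes by default will not actually be enabled, whereas the Tomcat and Undertow paths pass the list straight to the engine. That difference is worth recording on the guard, e.g. `// Jetty intersects this include list with its supported, non-excluded protocols`, and the empty-array case deserves a test alongside the existing `setEnabledProtocols` ones. configureSsl starts in the first hunk of this file; the lines between the two hunks are outside this view.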
@@ -315,22 +315,17 @@ public class TomcatEmbeddedServletContainerFactory
 */
 protected void configureSsl(AbstractHttp11JsseProtocol protocol, Ssl ssl) {
 protocol.setSSLEnabled(true);
- //Set the default TLS protocol
 protocol.setSslProtocol(ssl.getProtocol());
-
- //Assign the supported protocols, if provided
- if (ssl.getProtocols() != null) {
- String protocols = StringUtils.arrayToCommaDelimitedString(ssl.getProtocols());
- protocol.setProperty("sslEnabledProtocols", protocols);
- }
-
 configureSslClientAuth(protocol, ssl);
 protocol.setKeystorePass(ssl.getKeyStorePassword());
 protocol.setKeyPass(ssl.getKeyPassword());
 protocol.setKeyAlias(ssl.getKeyAlias());
 configureSslKeyStore(protocol, ssl);
- String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers());
- protocol.setCiphers(ciphers);
+ protocol.setCiphers(StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()));
+ if (ssl.getEnabledProtocols() != null) {
+ protocol.setProperty("sslEnabledProtocols",
+ StringUtils.arrayToCommaDelimitedString(ssl.getEnabledProtocols()));
+ }
 configureSslTrustStore(protocol, ssl);
 }
 
diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/undertow/UndertowEmbeddedServletContainerFactory.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/undertow/UndertowEmbeddedServletContainerFactory.java
index abb6d93bf15..05b97dd36f8 100644
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/undertow/UndertowEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/undertow/UndertowEmbeddedServletContainerFactory.java
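Review bot: The boolean returned by `protocol.setProperty("sslEnabledProtocols", ...)` in the new guard is discarded; that method reports whether Tomcat accepted the property, so a rejected value would leave Tomcat's full default protocol set enabled with nothing telling the operator that the configured restriction was not applied. Suggest `if (!protocol.setProperty("sslEnabledProtocols", StringUtils.arrayToCommaDelimitedString(ssl.getEnabledProtocols()))) { throw new IllegalStateException("Unable to set sslEnabledProtocols"); }`, or at minimum a warning log, so a non-applied restriction fails loudly. The cipher list on the preceding line is still passed without a null guard (`arrayToCommaDelimitedString(null)` produces an empty string), which is pre-existing but now sits directly beside a null-guarded protocol list; a short comment stating that the empty-string case is intentional would stop the next reader from "fixing" one to match the other. configureSsl's javadoc begins above this hunk.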
@@ -258,14 +258,15 @@ public class UndertowEmbeddedServletContainerFactory
 SSLContext sslContext = SSLContext.getInstance(ssl.getProtocol());
 sslContext.init(getKeyManagers(), getTrustManagers(), null);
 builder.addHttpsListener(port, getListenAddress(), sslContext);
- builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE, getSslClientAuthMode(ssl));
-
- //Configure the supported TLS protocols and Cipher suites
- if (ssl.getProtocols() != null) {
- builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS, Sequence.of(ssl.getProtocols()));
+ builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE,
+ getSslClientAuthMode(ssl));
+ if (ssl.getEnabledProtocols() != null) {
+ builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS,
+ Sequence.of(ssl.getEnabledProtocols()));
 }
 if (ssl.getCiphers() != null) {
- builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES, Sequence.of(ssl.getCiphers()));
+ builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES,
+ Sequence.of(ssl.getCiphers()));
 }
 }
 catch (NoSuchAlgorithmException ex) {
diff --git a/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java b/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
index 15dc5a73c30..88ed56ebcd7 100644
--- a/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
+++ b/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
@@ -530,7 +530,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 }
 
 private Ssl getSsl(ClientAuth clientAuth, String keyPassword, String keyStore,
- String trustStore, String[] protocols, String[] ciphers) {
+ String trustStore, String[] supportedProtocols, String[] ciphers) {
 Ssl ssl = new Ssl();
 ssl.setClientAuth(clientAuth);
 if (keyPassword != null) {
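Review bot: The renamed helper parameter `supportedProtocols` in the getSsl hunk contradicts the commit's own vocabulary: the value is passed to `setEnabledProtocols` in the next hunk of the same file (`@@ -549`), and the commit replaces "supported" with "enabled" elsewhere precisely because the list restricts what is enabled rather than describing what the container supports. Renaming it in both hunks, `String trustStore, String[] enabledProtocols, String[] ciphers) {` and `if (enabledProtocols != null) { ssl.setEnabledProtocols(enabledProtocols); }`, keeps the test helper aligned with the API it drives. getSsl continues past the end of this hunk.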
@@ -549,17 +549,12 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 if (ciphers != null) {
 ssl.setCiphers(ciphers);
 }
- if (protocols != null) {
- ssl.setProtocols(protocols);
+ if (supportedProtocols != null) {
+ ssl.setEnabledProtocols(supportedProtocols);
 }
 return ssl;
 }
 
- /**
- * @see
- * SunJSSE supported Cipher Suites
- */
 protected void testRestrictedSSLProtocolsAndCipherSuites(String[] protocols, String[] ciphers) throws Exception {
 AbstractEmbeddedServletContainerFactory factory = getFactory();
diff --git a/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java b/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java
index 56854e1804f..94799c0fb5c 100644
--- a/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java
+++ b/spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java
@@ -159,7 +159,7 @@ public class JettyEmbeddedServletContainerFactoryTests
 ssl.setKeyStorePassword("secret");
 ssl.setKeyPassword("password");
 ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" });
- ssl.setProtocols(new String[]{ "TLSv1.1", "TLSv1.2" });
+ ssl.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2" });
 JettyEmbeddedServletContainerFactory factory = getFactory();
 factory.setSsl(ssl);
 
@@ -184,7 +184,7 @@ public class JettyEmbeddedServletContainerFactoryTests
 ssl.setKeyStorePassword("secret");
 ssl.setKeyPassword("password");
 ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" });
- ssl.setProtocols(new String[]{ "TLSv1.1" });
+ ssl.setEnabledProtocols(new String[] { "TLSv1.1" });
 JettyEmbeddedServletContainerFactory factory = getFactory();
 factory.setSsl(ssl);
 
diff --git a/spring-boot/src/test/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactoryTests.java b/spring-boot/src/test/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactoryTests.java
index b0a5a13654f..857e5385b3d 100644
--- a/spring-boot/src/test/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactoryTests.java
+++ b/spring-boot/src/test/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactoryTests.java
@@ -268,7 +268,7 @@ public class TomcatEmbeddedServletContainerFactoryTests
 Ssl ssl = new Ssl();
 ssl.setKeyStore("test.jks");
 ssl.setKeyStorePassword("secret");
- ssl.setProtocols(new String[]{ "TLSv1.1", "TLSv1.2" });
+ ssl.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2" });
 ssl.setCiphers(new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "BRAVO" });
 TomcatEmbeddedServletContainerFactory factory = getFactory();
@@ -291,7 +291,7 @@ public class TomcatEmbeddedServletContainerFactoryTests
 Ssl ssl = new Ssl();
 ssl.setKeyStore("test.jks");
 ssl.setKeyStorePassword("secret");
- ssl.setProtocols(new String[]{"TLSv1.2"});
+ ssl.setEnabledProtocols(new String[] { "TLSv1.2" });
 ssl.setCiphers(new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "BRAVO" });
 TomcatEmbeddedServletContainerFactory factory = getFactory();