如何在Spring-boot上启用TLS 1.2? [英] How do you enable TLS 1.2 on Spring-boot?
问题描述
我试图在Spring-boot 1.2.1上的Tomcat上启用TLS 1.2.由于SSL握手失败,Android 5.0无法连接到默认的SSL设置. Android 4.4,iOS,Firefox和Chrome均已连接到默认版本.我认为这是由于Android 5.0支持的TLS协议不匹配以及Spring Boot Tomcat默认设置(TLS v1?).
I am trying to enable TLS 1.2 on Tomcat on Spring-boot 1.2.1. Android 5.0 is failing to connect to the default SSL settings, due to an SSL handshake failure. Android 4.4, iOS, Firefox, and Chrome all connect to the default version. I think this is because of a mismatch in the TLS protocols supported in Android 5.0 and the spring boot tomcat defaults (TLS v1?).
我想我想更改此application.properties设置:
I imagine I want to change this application.properties setting:
server.ssl.protocol=TLS
但是我还没有找到其他可接受的字符串(或者是否有任何偶数).通过在 spring boot github 中的协议"中搜索,找不到任何枚举. 我已经尝试过"TLSv1.2",但这似乎没有任何效果.
but I have not located the other acceptable strings (or if there are any, even). There is no enumeration that I can find by searching on "protocol" in spring boot github. I have tried "TLSv1.2", but this appears to have no effect.
application.properties中的当前SSL配置为:
The current SSL configuration in application.properties is:
server.ssl.key-store = chainedcertificates.p12
server.ssl.key-store-password = secret
server.ssl.key-store-type = PKCS12
如何在春季启动中启用TLS 1.2?
How do you enable TLS 1.2 in spring boot?
如果有关系,我正在使用Java 1.7.有关此文档的文档似乎表明它应支持TLS 1.2.
If it matters, I am using Java 1.7. The documentation for this seems to indicate it should support TLS 1.2.
Tomcat 8似乎已提供支持.我不确定如何准确检查Spring Boot中正在运行的版本.
Tomcat 8 seems to have support present. I am not sure how to check exactly which version is running in spring boot.
推荐答案
spring-boot 1.2.1中默认启用TLS 1.2.可以通过从命令行运行以下命令来验证
TLS 1.2 is enabled by default in spring-boot 1.2.1. This can be verified by running the following from the command line
openssl s_client -connect serverAddress:port
输出
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
所以我的问题一定是分开的.
So my problem must be something separate.
这篇关于如何在Spring-boot上启用TLS 1.2?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
