在嵌入式Jetty上启用TLS-1.2 [英] Enabling TLS-1.2 on embedded Jetty
问题描述
目前,我正在使用启用TLS 1.2的代码:
Currently I am using this code which is enabling TLS 1.2:
ServerConnector httpsConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory(https_config));
httpsConnector.setPort(8443);
httpsConnector.setIdleTimeout(50000)
现在我正在使用TLS 1.1并想要更改它TLS 1.2。
Now I am using TLS 1.1 and want to change it to TLS 1.2.
推荐答案
Java 8默认为TLS / 1.2。
Java 8 is TLS/1.2 by default.
- https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls
您可以使用以下技术在JVM中诊断TLS:
You can diagnose TLS in the JVM using the techniques at:
- https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https
如果要强制TLS / 1.2,请参见以下先前的答案:
If you want to force TLS/1.2, see the prior answer at:
如何强制Java服务器仅接受tls 1.2并拒绝tls 1.0和tls 1.1连接
知道您公开的密码和协议在Jetty的SslContextFactory中也会对您的TLS支持级别产生影响。 (例如:您可以排除TLS / 1.0知道的不保留任何密码进行协商的密码)
Know that the ciphers and protocols you expose in Jetty's SslContextFactory will also have an influence on your TLS support level. (For example: you can exclude the ciphers that TLS/1.0 knows about leaving no ciphers to negotiate against)
这篇关于在嵌入式Jetty上启用TLS-1.2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!