How to exclude weak protocols (ciphers suits) from the Netty SSLContext?

489 Views Asked by Dmitriy Dumanskiy At 12 January 2021 at 08:16

On my Netty server, I need to exclude TLS_1.0 and TLS_1.1 protocols. However, seems like Netty SslContextBuilder doesn't allow to exclude specific suits.

Current code is used to build a SSL context:

SslContextBuilder.forServer(serverCert, serverKey, serverPass)
                .sslProvider(sslProvider)
                .build();

SslContextBuilder has ciphers() method, but it's not clear how to exclude specific ciphers for the TLS_1.0 and TLS_1.1.

Is there any way to achieve that?

Original Q&A

There are 1 best solutions below

Norman Maurer On 12 January 2021 at 09:06 BEST ANSWER

You would just specify the protocols you want to support:

SslContextBuilder.forServer(serverCert, serverKey, serverPass)
                .sslProvider(sslProvider).protocols(...)

So only include TLSv1.2 and TLSv1.3 here.

Another possibility would be to specify your custom CipherSuiteFilter which filters out ciphers you don't want to support.

How to exclude weak protocols (ciphers suits) from the Netty SSLContext?

There are 1 best solutions below

Related Questions in SSL

Related Questions in NETTY

Related Questions in TLS1.0

Related Questions in TLS1.1

Trending Questions

Popular # Hahtags

Popular Questions