How to implement TLS 1.3 in Java Spring boot Application?

Question

I want to implement TLS 1.3 in my spring boot application.

https://blog.gypsyengineer.com/en/security/an-example-of-tls-13-client-and-server-on-java.html

In this blog i have seen that TLS 1.3 can be used only with Java 11.. is that true?

Please give me step by step proceduce to implement it.

Please provide more details. Do you want to write it over HTTP? — John Eipe, Jun 06 '19 at 19:11
@John Hi John.. i am completely new to TLS.. as per my knowledge, TLS is HTTP with secure layer. When i hit this webservice, then it should be with HTTPS. — sandeep, Jun 06 '19 at 19:27
and i am really sorry, i dont see the sample in that link :( or am i missing something there? :( could you please help? — sandeep, Jun 06 '19 at 19:28

score 13 · Answer 1 · answered Jun 06 '19 at 19:24

13

If you want just TLSv1.3 in your Spring Boot application, you can configure this in your application.properties file (or any properties/yml file that is part of an active profile).

server.ssl.enabled-protocols=TLSv1.3

The server.ssl.enabled-protocols property takes a list, so if you want TLSv1.2 and TLSv1.3, you can do that as well:

server.ssl.enabled-protocols=TLSv1.2,TLSv1.3

A comprehensive guide to configuring SSL/TLS in Spring Boot can be found here, in the documentation. All of the SSL/TLS properties can be found in this appendix in the documentation.

And to answer your question, yes, TLSv1.3 was delivered in Java 11.

answered Jun 06 '19 at 19:24

Todd

30,472
11
81
89

Hi Todd, Thanks for the response... I have configured it `server.port=8443 server.ssl.enabled=true server.ssl.key-store=src/main/resources/server.jks server.ssl.key-store-type=PKCS12 server.ssl.key-store-password=secret server.ssl.key-alias=server server.ssl.key-password=secret # SSL protocol to use. server.ssl.protocol=TLS # Enabled SSL protocols. server.ssl.enabled-protocols=TLSv1.3 ` i have followed the same process that has been mentioned in this link https://www.novatec-gmbh.de/en/blog/spring-boot-applications-tls-http2/ – sandeep Jun 06 '19 at 21:09
I copied the server.jks file in src/main/resources path . but i am getting the following error. `Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99) ~[tomcat-embed-core-9.0.19.jar:9.0.19] at ` Any idea what the scenarios i will get this error?? – sandeep Jun 06 '19 at 21:14
@sandeep It's hard to answer questions in comments here. This looks like something about your setup, I'd recommend adding another question and providing all the detail you can. – Todd Jun 07 '19 at 12:38

How to implement TLS 1.3 in Java Spring boot Application?

1 Answers1