In a vert.x web application, does someone know by chance how to add TLS 1.3 and disable all prior versions of TLS used by default(TLS 1.1, TLS 1.2? Thank you very much for your help.
Asked
Active
Viewed 947 times
1 Answers
0
It depends on whether you want to configure the TLS versions for receiving or sending HTTP-requests.
Configure TLS versions for Vert.x HttpServer
What you are looking for is the HttpServerOptions class. You can provide an instance of that class as a paremeter of vertx.createHttpServer().
The HttpServerOptions class has two methods:
serverOptions.addEnabledSecureTransportProtocol()- and
serverOptions.removeEnabledSecureTransportProtocol()
that you can use to configure the TLS versions the server uses.
Here is a full example:
final var vertx = Vertx.vertx()
final var serverOptions = new HttpServerOptions();
serverOptions.removeEnabledSecureTransportProtocol("TLSv1");
serverOptions.removeEnabledSecureTransportProtocol("TLSv1.1");
serverOptions.removeEnabledSecureTransportProtocol("TLSv1.2");
serverOptions.addEnabledSecureTransportProtocol("TLSv1.3");
final var server = vertx.createHttpServer(serverOptions);
Please have a look at the constant TCPSSLOptions.DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS, that lists the dafault TLS versions used by the Vert.x HTTP server.
Please also note, that the documentation of this constant says:
SSLv3 is NOT enabled due to POODLE vulnerability http://en.wikipedia.org/wiki/POODLE
Configure TLS versions for Vert.x WebClient
What you are looking for is the WebClientOptions class. You can provide an instance of that class as a paremeter of WebClient.create().
The WebClientOptions class has two methods:
clientOptions.addEnabledSecureTransportProtocol()- and
clientOptions.removeEnabledSecureTransportProtocol()
that you can use to configure the TLS versions the server uses.
Here is a full example:
final var vertx = Vertx.vertx();
final var clientOptions = new WebClientOptions();
clientOptions.removeEnabledSecureTransportProtocol("TLSv1");
clientOptions.removeEnabledSecureTransportProtocol("TLSv1.1");
clientOptions.removeEnabledSecureTransportProtocol("TLSv1.2");
clientOptions.addEnabledSecureTransportProtocol("TLSv1.3");
final var client = WebClient.create(vertx, clientOptions);
The dafault versions used by the Vert.x WebClient are specified using the same constant as in the server.
Jonas Taulien
- 68
- 10