Enabling SSL/TLS support in SpringBoot

Time: 2017-10-02 04:48:46

Tags: java spring security spring-boot webserver

I enabled SSL support in SpringBoot by providing the following properties in application.properties, and it works fine:

server.ssl.key-store=keystore.p12 
server.ssl.key-store-password=password
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

But I have not provided any values for the following properties:

server.ssl.ciphers 
server.ssl.protocol
server.ssl.enabled-protocols

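I want to use strong ciphers/protocols so that my application is not vulnerable to attack.

If I do not specify them in application.properties, what are their default values?

I am using Java 1.8 and SpringBoot version 1.5.3, with Undertow as the web server.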

1 answer:

Answer 0 (score: 0)

Look at the properties provided in the documentation:

https://docs.spring.io/spring-boot/docs/current/api/org/springframework/boot/autoconfigure/web/ServerProperties.html

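You can use the nested, server-specific properties for Undertow and Tomcat to set the SSL properties.

The following property is set by default: private String protocol = "TLS";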

@ConfigurationProperties(prefix = "server", ignoreUnknownFields = true)
public class ServerProperties
        implements EmbeddedServletContainerCustomizer, EnvironmentAware, Ordered {

    /**
     * Server HTTP port.
     */
    private Integer port;

    /**
     * Network address to which the server should bind to.
     */
    private InetAddress address;

    /**
     * Context path of the application.
     */
    private String contextPath;

    /**
     * Display name of the application.
     */
    private String displayName = "application";

    @NestedConfigurationProperty
    private ErrorProperties error = new ErrorProperties();

    /**
     * Path of the main dispatcher servlet.
     */
    private String servletPath = "/";

    /**
     * ServletContext parameters.
     */
    private final Map<String, String> contextParameters = new HashMap<String, String>();

    /**
     * If X-Forwarded-* headers should be applied to the HttpRequest.
     */
    private Boolean useForwardHeaders;

    /**
     * Value to use for the Server response header (no header is sent if empty).
     */
    private String serverHeader;

    /**
     * Maximum size in bytes of the HTTP message header.
     */
    private int maxHttpHeaderSize = 0; // bytes

    /**
     * Maximum size in bytes of the HTTP post content.
     */
    private int maxHttpPostSize = 0; // bytes

    /**
     * Time in milliseconds that connectors will wait for another HTTP request before
     * closing the connection. When not set, the connector's container-specific default
     * will be used. Use a value of -1 to indicate no (i.e. infinite) timeout.
     */
    private Integer connectionTimeout;

    private Session session = new Session();

    @NestedConfigurationProperty
    private Ssl ssl;

    @NestedConfigurationProperty
    private Compression compression = new Compression();

    @NestedConfigurationProperty
    private JspServlet jspServlet;

    private final Tomcat tomcat = new Tomcat();

    private final Jetty jetty = new Jetty();

    private final Undertow undertow = new Undertow();

    private Environment environment;


}
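
To see what "default" means on a given JVM, the following added example (not part of the original question or answer, and not Spring Boot code) lists the protocols and cipher suites that JSSE enables for a server-side engine of the "TLS" protocol and prints a pinned subset for the three properties from the question. It assumes that when server.ssl.enabled-protocols and server.ssl.ciphers are unset the embedded server uses these JVM defaults; the class name TlsDefaultsAudit and the keep/drop policy are choices made for this example.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.List;

public class TlsDefaultsAudit {

    // Policy chosen for this example (an assumption, not from the page): TLS 1.2 or newer only.
    static boolean isStrongProtocol(String p) {
        return p.equals("TLSv1.2") || p.equals("TLSv1.3");
    }

    // Policy chosen for this example: TLS 1.3 suites, or ECDHE key exchange with an AEAD cipher.
    static boolean isStrongSuite(String s) {
        boolean tls13 = s.startsWith("TLS_AES_") || s.startsWith("TLS_CHACHA20_");
        boolean aead = s.contains("_GCM_") || s.contains("_CHACHA20_");
        return tls13 || (s.startsWith("TLS_ECDHE_") && aead);
    }

    // Prints every enabled value with a keep/drop mark and returns the ones that pass the policy.
    static List<String> report(String label, String[] enabled, boolean protocols) {
        List<String> keep = new ArrayList<>();
        System.out.println(label + " enabled by default:");
        for (String v : enabled) {
            boolean ok = protocols ? isStrongProtocol(v) : isStrongSuite(v);
            System.out.println("  " + (ok ? "[keep] " : "[drop] ") + v);
            if (ok) keep.add(v);
        }
        return keep;
    }

    public static void main(String[] args) throws Exception {
        // "TLS" is the server.ssl.protocol default quoted in the answer above.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);          // default key/trust managers and SecureRandom
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);      // server-side view of the defaults

        List<String> protos = report("Protocols", engine.getEnabledProtocols(), true);
        List<String> suites = report("Cipher suites", engine.getEnabledCipherSuites(), false);

        // Lines to paste into application.properties to pin the subset that passed.
        System.out.println("server.ssl.protocol=TLS");
        System.out.println("server.ssl.enabled-protocols=" + String.join(",", protos));
        System.out.println("server.ssl.ciphers=" + String.join(",", suites));
    }
}
```

Run it with the same JRE that runs the application, because the enabled set depends on the Java update level and on jdk.tls.disabledAlgorithms in java.security.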