Spring Boot with embedded Jetty/Tomcat: SSL/TLS


Before creating the Maven project, make sure the installed Java (1.7 or later) and Maven (3.2 or later) versions are recent enough:

$java -version
java version "1.8.0_91"

$mvn -v
Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T22:11:47+05:30)

For more information on Spring Boot, see the reference guide: https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/

Add the Spring Boot starter packages, which come pre-packaged with all required dependencies. By default spring-boot-starter-web brings in embedded Tomcat:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.2.RELEASE</version>
</parent>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
</dependencies>

To run on embedded Jetty instead, exclude the Tomcat starter from spring-boot-starter-web and add the Jetty starter:

<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-web</artifactId>
	<exclusions>
		<exclusion>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-tomcat</artifactId>
		</exclusion>
	</exclusions>
</dependency>

<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-jetty</artifactId>
</dependency>

Create a Spring Boot controller class with a main method:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@EnableAutoConfiguration
public class DevopsController {

    @RequestMapping("/")
    @ResponseBody
    String home() {
        return "Hello Devops!";
    }

    public static void main(String[] args) throws Exception {
        SpringApplication.run(DevopsController.class, args);
    }
}

Create application.properties under src/main/resources, so that it and the keystore it references are both on the classpath:

#enable/disable https
server.ssl.enabled=true

#server port
server.port=8443

#ssl keystore (on the classpath, i.e. src/main/resources/keystore.jks)
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-store-password=apple123
server.ssl.key-password=apple123

Test the TLS setup. The -k flag makes curl skip certificate verification; it is needed here only because the certificate in the test keystore is not trusted by curl, and it should never be used against a production endpoint:

$ curl -k https://localhost:8443
Hello Devops!

Next, restrict the server to TLSv1.2 only. First, check which TLS versions are currently accepted:

$curl --tlsv1.1 -k  https://localhost:8443
Hello Devops!
$curl --tlsv1.0 -k  https://localhost:8443
Hello Devops!
$curl --tlsv1.2 -k  https://localhost:8443
Hello Devops!

As shown above, all three TLS versions are accepted. (With curl 7.54.0 or later, --tlsv1.0 and --tlsv1.1 mean "that version or later" rather than exactly that version, so add --tls-max 1.0 or --tls-max 1.1 to pin a single version.) Now allow only TLSv1.2 and restrict the cipher suites:

#enable/disable https
server.ssl.enabled=true

#server port
server.port=8443

#ssl keystore
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-store-password=apple123
server.ssl.key-password=apple123

#ssl ciphers (comma-separated allow-list)
server.ssl.ciphers=TLS_RSA_WITH_AES_128_CBC_SHA256

# SSL protocol to use (the SSLContext algorithm name).
server.ssl.protocol=TLS

# Enabled SSL protocols.
server.ssl.enabled-protocols=TLSv1.2

Note that TLS_RSA_* suites use static RSA key exchange and therefore provide no forward secrecy; for anything beyond a local demo prefer an ECDHE suite such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, which the JDK 8 runtime used above supports. Verify the changes:

$  curl --tlsv1.0 -k  https://localhost:8443
curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect
$  curl --tlsv1.1 -k  https://localhost:8443
curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect
$  curl --tlsv1.2 -k  https://localhost:8443
Hello Devops!

So only TLSv1.2 is accepted now. The error text about a client certificate comes from curl's SecureTransport (macOS) backend and is misleading here: the handshake fails because the server refuses the offered protocol version, not because a client certificate is required.
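Two gaps a practitioner will hit when following the steps above: the post never shows how keystore.jks is created, and the curl checks depend on how a given curl version interprets --tlsv1.x. The following script is an added example, not code from the original post. gen_keystore creates a self-signed JKS keystore with keytool (the alias devops, the distinguished name, the 2048-bit key size and the 365-day validity are assumptions chosen for a local test, and the file name tls-check.sh in the usage comment is likewise assumed); tls_probe uses openssl s_client, whose -tls1, -tls1_1 and -tls1_2 flags pin an exact protocol version, to report which versions the server at a given host:port accepts, and it distinguishes a server rejection from a version the local openssl build cannot speak at all.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Requires keytool (JDK) and openssl.
set -eu

# gen_keystore <path> <password> [alias] [CN]
# Creates a self-signed 2048-bit RSA key pair in a JKS keystore with keytool,
# using the same password for the store and the key (matching the
# server.ssl.key-store-password / server.ssl.key-password pair above).
# Self-signed is only suitable for a local test; use a CA-issued certificate
# in production. Prints the alias of the created entry as read back from the store.
gen_keystore() {
  local path="$1" pass="$2" alias="${3:-devops}" cn="${4:-localhost}"
  keytool -genkeypair \
    -alias "$alias" \
    -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \
    -validity 365 \
    -dname "CN=${cn}, OU=Dev, O=Example, L=City, ST=State, C=US" \
    -keystore "$path" -storetype JKS \
    -storepass "$pass" -keypass "$pass" >/dev/null 2>&1
  # keytool -list prints one "<alias>, <date>, PrivateKeyEntry, ..." line per entry
  keytool -list -keystore "$path" -storepass "$pass" 2>/dev/null \
    | grep -i "^${alias}," | cut -d, -f1
}

# tls_probe <host> <port> <version>   (version: tls1 | tls1_1 | tls1_2 | tls1_3)
# Prints "accepted" if a handshake pinned to exactly that version succeeds,
# "rejected" if the server refuses it (or nothing is listening), and
# "client-unsupported" if this openssl build has no such option, so a local
# limitation is never mistaken for server policy. Note: OpenSSL 3.x also refuses
# TLS 1.0/1.1 at its default security level; test those with an older build or
# add -cipher 'DEFAULT:@SECLEVEL=0'.
tls_probe() {
  local host="$1" port="$2" ver="$3"
  if ! openssl s_client -help 2>&1 | grep -q -- " -${ver} "; then
    echo client-unsupported
    return 0
  fi
  # </dev/null closes the session right after the handshake; s_client exits
  # non-zero when the handshake fails (e.g. a protocol_version alert from the server).
  if openssl s_client -connect "${host}:${port}" "-${ver}" </dev/null >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

# probe_all <host> <port>: one line per TLS version, e.g. "tls1_2  accepted"
probe_all() {
  local host="$1" port="$2" v
  for v in tls1 tls1_1 tls1_2 tls1_3; do
    printf '%-7s %s\n' "$v" "$(tls_probe "$host" "$port" "$v")"
  done
}

# Usage (run explicitly, so sourcing the file only defines the functions):
#   ./tls-check.sh --run
if [ "${1:-}" = "--run" ]; then
  gen_keystore src/main/resources/keystore.jks apple123 devops localhost
  probe_all localhost 8443
fi
```

Run gen_keystore once before starting the application, then probe_all against the running server: with the TLSv1.2-only configuration above it should report tls1 and tls1_1 as rejected and tls1_2 as accepted (tls1_3 is also rejected, since the JDK 8 build used in this post does not implement TLS 1.3).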
