
Commit ffee7da

committed
Apply SslOptions from SslBundle to SslContextBuilder.
Fixes #3860 Signed-off-by: janossch <[email protected]>
1 parent 093f405 commit ffee7da


2 files changed

+24
-11
lines changed


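--- a/spring-cloud-gateway-server-webflux/src/main/java/org/springframework/cloud/gateway/config/GrpcSslConfigurer.java
+++ b/spring-cloud-gateway-server-webflux/src/main/java/org/springframework/cloud/gateway/config/GrpcSslConfigurer.java
@@ -27,6 +27,7 @@
 
 import org.springframework.boot.ssl.SslBundle;
 import org.springframework.boot.ssl.SslBundles;
+import org.springframework.boot.ssl.SslOptions;
 
 /**
 * @author Alberto C. Ríos
@@ -49,20 +50,25 @@ private SslContext getSslContext() throws SSLException {
 
 final HttpClientProperties.Ssl ssl = getSslProperties();
 boolean useInsecureTrustManager = ssl.isUseInsecureTrustManager();
-SslBundle bundle = getBundle();
+SslBundle sslBundle = getBundle();
 if (useInsecureTrustManager) {
 sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE.getTrustManagers()[0]);
 }
 
 if (!useInsecureTrustManager && ssl.getTrustedX509Certificates().size() > 0) {
 sslContextBuilder.trustManager(getTrustedX509CertificatesForTrustManager());
 }
-else if (bundle != null) {
-sslContextBuilder.trustManager(bundle.getManagers().getTrustManagerFactory());
+else if (sslBundle != null) {
+sslContextBuilder.trustManager(sslBundle.getManagers().getTrustManagerFactory());
 }
 
-if (bundle != null) {
-sslContextBuilder.keyManager(bundle.getManagers().getKeyManagerFactory());
+if (sslBundle != null) {
+sslContextBuilder.keyManager(sslBundle.getManagers().getKeyManagerFactory());
+SslOptions sslOptions = sslBundle.getOptions();
+if (sslOptions != null && sslOptions.isSpecified()) {
+sslContextBuilder.ciphers(SslOptions.asSet(sslOptions.getCiphers()));
+sslContextBuilder.protocols(sslOptions.getEnabledProtocols());
+}
 }
 else {
 sslContextBuilder.keyManager(getKeyManagerFactory());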
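Review bot: In `getSslContext()` the new block at new lines 68–70 calls both `ciphers(...)` and `protocols(...)` whenever `sslOptions.isSpecified()` is true, but as far as I know `isSpecified()` holds when either value is set, so one of the two arguments can be null. Netty's builder appears to treat a null argument as "use defaults", which would silently discard any cipher or protocol setting made on the builder before this point (the builder's creation is outside the hunk). Guard each call on its own value, e.g. `if (sslOptions.getCiphers() != null)` and `if (sslOptions.getEnabledProtocols() != null)`, so that a bundle restricting only protocols does not reset the cipher list. The same block appears in `HttpClientSslConfigurer.configureSslContext` (new lines 76–78). The method body continues outside the hunk.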

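--- a/spring-cloud-gateway-server-webflux/src/main/java/org/springframework/cloud/gateway/config/HttpClientSslConfigurer.java
+++ b/spring-cloud-gateway-server-webflux/src/main/java/org/springframework/cloud/gateway/config/HttpClientSslConfigurer.java
@@ -18,6 +18,7 @@
 
 import java.security.cert.X509Certificate;
 
+import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import reactor.netty.http.Http11SslContextSpec;
 import reactor.netty.http.Http2SslContextSpec;
@@ -26,6 +27,7 @@
 
 import org.springframework.boot.ssl.SslBundle;
 import org.springframework.boot.ssl.SslBundles;
+import org.springframework.boot.ssl.SslOptions;
 import org.springframework.boot.web.server.autoconfigure.ServerProperties;
 
 public class HttpClientSslConfigurer extends AbstractSslConfigurer<HttpClient, HttpClient> {
@@ -52,24 +54,29 @@ public HttpClient configureSsl(HttpClient client) {
 }
 
 protected void configureSslContext(HttpClientProperties.Ssl ssl, SslProvider.SslContextSpec sslContextSpec) {
-SslProvider.ProtocolSslContextSpec clientSslContext = (serverProperties.getHttp2().isEnabled())
+SslProvider.GenericSslContextSpec<SslContextBuilder> clientSslContext = serverProperties.getHttp2().isEnabled()
 ? Http2SslContextSpec.forClient() : Http11SslContextSpec.forClient();
 clientSslContext.configure(sslContextBuilder -> {
 X509Certificate[] trustedX509Certificates = getTrustedX509CertificatesForTrustManager();
-SslBundle bundle = getBundle();
+SslBundle sslBundle = getBundle();
 if (trustedX509Certificates.length > 0) {
 setTrustManager(sslContextBuilder, trustedX509Certificates);
 }
 else if (ssl.isUseInsecureTrustManager()) {
 setTrustManager(sslContextBuilder, InsecureTrustManagerFactory.INSTANCE);
 }
-else if (bundle != null) {
-setTrustManager(sslContextBuilder, bundle.getManagers().getTrustManagerFactory());
+else if (sslBundle != null) {
+setTrustManager(sslContextBuilder, sslBundle.getManagers().getTrustManagerFactory());
 }
 
 try {
-if (bundle != null) {
-sslContextBuilder.keyManager(bundle.getManagers().getKeyManagerFactory());
+if (sslBundle != null) {
+sslContextBuilder.keyManager(sslBundle.getManagers().getKeyManagerFactory());
+SslOptions sslOptions = sslBundle.getOptions();
+if (sslOptions != null && sslOptions.isSpecified()) {
+sslContextBuilder.ciphers(SslOptions.asSet(sslOptions.getCiphers()));
+sslContextBuilder.protocols(sslOptions.getEnabledProtocols());
+}
 }
 else {
 sslContextBuilder.keyManager(getKeyManagerFactory());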
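Review bot: The `ciphers(...)` call at new line 77 runs inside `clientSslContext.configure(...)`, i.e. after `Http2SslContextSpec.forClient()` has presumably applied its own HTTP/2 cipher list and filter, and nothing here documents that bundle options take precedence over those presets. A short comment above the block would make that explicit: `// SslBundle options deliberately override the cipher suites and protocols preset by the Http11/Http2 context spec`. Both changed files are under `src/main`, so the page shows no test asserting that a bundle's ciphers and enabled protocols actually reach the `SslContextBuilder`; one for the HTTP/2 case would be worth adding. The lambda and `configureSslContext` continue outside the hunk.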
