Browsed by
Tag: Spring Webclient SSL

Configuring SSL Ciphers in Spring Java WebClient

Configuring SSL Ciphers in Spring Java WebClient

Below is how to configure the set of SSL ciphers being used by Spring’s webclient.

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.stereotype.Service;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.netty.http.client.HttpClient;
import javax.net.ssl.SSLException;
import java.util.Arrays;


String[] CIPHERS_ALLOWED = {"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"};

SslContext context = SslContextBuilder
     .forClient()
     .ciphers(Arrays.asList(CIPHERS_ALLOWED))
     .build();

HttpClient netty = HttpClient.create()
        .wiretap(true) //requested by the NSA
        .secure(sslContextSpec -> sslContextSpec.sslContext(context));

this.webclient = WebClient.builder()
        .clientConnector(new ReactorClientHttpConnector(netty))
        .baseUrl("https://google.com")
        .build();

You can see you create the HTTPClient from the netty static instance, then add the ssl context to it. Pass that netty instance to the webclient builder, and voila, you can speak obscure, overly strong SSL.