{"id":794,"date":"2019-05-12T16:29:44","date_gmt":"2019-05-12T22:29:44","guid":{"rendered":"https:\/\/mycomputerninja.com\/?p=794"},"modified":"2019-05-13T16:30:20","modified_gmt":"2019-05-13T22:30:20","slug":"configuring-ssl-ciphers-in-spring-java-webclient","status":"publish","type":"post","link":"https:\/\/mycomputerninja.com\/?p=794","title":{"rendered":"Configuring SSL Ciphers in Spring Java WebClient"},"content":{"rendered":"\n<p>Below is how to configure the set of SSL ciphers being used by Spring&#8217;s webclient.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">import io.netty.handler.ssl.SslContext;\nimport io.netty.handler.ssl.SslContextBuilder;\nimport org.springframework.beans.factory.annotation.Value;\nimport org.springframework.http.HttpHeaders;\nimport org.springframework.http.client.reactive.ReactorClientHttpConnector;\nimport org.springframework.stereotype.Service;\nimport org.springframework.web.reactive.function.client.WebClient;\nimport reactor.netty.http.client.HttpClient;\nimport javax.net.ssl.SSLException;\nimport java.util.Arrays;\n\n\nString[] CIPHERS_ALLOWED = {\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\n        \"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\",\n\"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384\"};\n\nSslContext context = SslContextBuilder\n     .<em>forClient<\/em>()\n     .ciphers(Arrays.<em>asList<\/em>(CIPHERS_ALLOWED))\n     .build();\n\nHttpClient netty = HttpClient.<em>create<\/em>()\n        .wiretap(true) \/\/requested by the NSA\n        .secure(sslContextSpec -> sslContextSpec.sslContext(context));\n\nthis.webclient = WebClient.<em>builder<\/em>()\n        .clientConnector(new ReactorClientHttpConnector(netty))\n        .baseUrl(\"https:\/\/google.com\")\n        .build();<\/pre>\n\n\n\n<p>You can see you create the HTTPClient from the netty static instance, then add the ssl context to it.  Pass that netty instance to the webclient builder, and <em>voila<\/em>, you can speak obscure, overly strong SSL. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><!--adsense--><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Below is how to configure the set of SSL ciphers being used by Spring&#8217;s webclient. import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpHeaders; import org.springframework.http.client.reactive.ReactorClientHttpConnector; import org.springframework.stereotype.Service; import org.springframework.web.reactive.function.client.WebClient; import reactor.netty.http.client.HttpClient; import javax.net.ssl.SSLException; import java.util.Arrays; String[] CIPHERS_ALLOWED = {&#8220;TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384&#8221;, &#8220;TLS_DHE_RSA_WITH_AES_256_GCM_SHA384&#8221;, &#8220;TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384&#8221;}; SslContext context = SslContextBuilder .forClient() .ciphers(Arrays.asList(CIPHERS_ALLOWED)) .build(); HttpClient netty = HttpClient.create() .wiretap(true) \/\/requested by the NSA .secure(sslContextSpec -> sslContextSpec.sslContext(context)); this.webclient = WebClient.builder() .clientConnector(new ReactorClientHttpConnector(netty)) .baseUrl(&#8220;https:\/\/google.com&#8221;) .build(); You can see you create the HTTPClient from the netty static instance, then&#8230;<\/p>\n<p class=\"read-more\"><a class=\"btn btn-default\" href=\"https:\/\/mycomputerninja.com\/?p=794\"> Read More<span class=\"screen-reader-text\">  Read More<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[432,490,491,492],"class_list":["post-794","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-spring","tag-spring-webclient-ssl","tag-ssl","tag-webclient"],"_links":{"self":[{"href":"https:\/\/mycomputerninja.com\/index.php?rest_route=\/wp\/v2\/posts\/794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mycomputerninja.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mycomputerninja.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mycomputerninja.com\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/mycomputerninja.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=794"}],"version-history":[{"count":3,"href":"https:\/\/mycomputerninja.com\/index.php?rest_route=\/wp\/v2\/posts\/794\/revisions"}],"predecessor-version":[{"id":799,"href":"https:\/\/mycomputerninja.com\/index.php?rest_route=\/wp\/v2\/posts\/794\/revisions\/799"}],"wp:attachment":[{"href":"https:\/\/mycomputerninja.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mycomputerninja.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mycomputerninja.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}