I have a SpringBoot deployment that is working fine with HTTP. Now, i need to convert everything to HTTPs. By following up the instructions, i made following changes.
server.port=8080
server.ssl.key-store=/opt/config/someApp.p12
server.ssl.key-store-password=pwd
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=someApp
server.ssl.key-password=pwd
The jar deployment opens 8080 via https. i can see this from log.
INFO 23716 --- [ main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (https)
However, i am not able to hit the web server via https://localhost:8080.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
Since i am not expert on SSL/TLS. just wondering if anyone knows. what is the guideline and debugging from SpringBoot over HTTPS?
BTW, i tested on one server with 8443. the same issue
Thanks,
Tony
Related
I have a Spring Boot application running with Spring Security in a Ubuntu server. The application is listening on port 9090 and I have added a port forward from port 80 to port 9090.
However I'm having trouble serving static content via port 80 (getting 403 responses).
If I make the same request via port 9090 the request works ok.
Do I have to add something to the Spring Security config class?
EDIT: The behaviour seems to be somewhat erratic. Just restarted the webserver and it looks that is able to serve some static contents. Html, css and js are working fine. Favicon and some image files are still not working (403 response).
I'm trying to disable TLS <1.2 (so disable TLS 1.0 & 1.1) on my Spring boot (v. 1.4) app which is running on Heroku.
This app integrates with Salesforce so for security reasons the app (which is an outside website) should not accept TLS connections that are <1.2.
Since the Spring Boot version is 1.4, it really should be as simple as adding a few lines of code to the application.properties file OR the yaml. And, I have tried this in almost every combination.
For example, I currently have the following in my yaml:
Spring:
server:
ssl:
enabled: true
protocol: TLS
enabled-Protocols: [TLSv1.2]
The application builds fine on Heroku and is up and running, but it still accepts TLS 1.0 and 1.1 connections (confirmed via https://www.cdn77.com/tls-test), and I really do not understand why.
I'm trying to determine if this is something related to Heroku. They do manage certificates automatically via what they call ACM. And with ACM you are not able to disable certain versions of TLS. But, my understanding would be that it shouldn't matter, if I'm telling the embedded Tomcat (Spring Boot) server to only accept TLS 1.2 connections, then the Heroku server should actually come after that and hence follow the same rules.
Just to add all of the information I have: server.error.whitelabel.enabled = false is in the application.properties file. This is the only server setting in that file, but I'm just adding in case maybe applications.properties file could interfere with the yaml? (even though I have tried removing it and it did not fix the issue).
So, why is my app / website still accepting TLS <1.2 connections??
Any insight on this would be greatly appreciated!
so, i tried to deploy spring boot app to a PCF Server. When i deployed it, the logs showed that my application was shut down because it failed to open a tomcat server because there is a java.netsocketexception where it says that permission denied. The tomcat server was fine for a moment (it successfully use the port) but the next moment, it was shut down because there is the permission denied netsocketexception.
the port i tried to use is port 443. i tried to look up to several kinds of problems. one of it said that i need to have root access to be able to use port lower than 1000. the problem is, my other apps, which is eureka server run perfectly even when i use port 443.
the configuration, build-pack, and everything is the same. and it is even deployed on a same pcf platform. so, why can this app failed but the other (eureka server) can use the 443 port.
can anyone tell me for the things i need to check to make sure of the problem?
Remove server.port configuration from Spring Boot yml / properties configuration. It will by default expose the service to 443 on PCF
I already have a tomcat server running in a VM with port as 443 and redirect port as 8443. Can I configure the redirect port for spring boot application also as 8443 and run in same VM? Would I face error like port already in use? If yes, are there any specific port to be used for this purpose? I would not like to try since this is a production environment VM.
By default the https port used is 9393 in springboot.So , in your application if you need it to be 8443 , you need to configure it in the application.properties or application.yml like
application.yml
server:
port: 8443
or
application.properties
server.port=8443
Yes, you will have issues if some other application is using the same https port on the same VM, you will have to find a port that is not used by any other application and assign it for your springboot application. Check in your vm if any other application is already mapped to this port, if not you can use this port without any issues.
Please note that :
If HTTPS is enabled, it will completely replace HTTP as the protocol
over which the REST endpoints and the Data Flow Dashboard interact.
Plain HTTP requests will fail - therefore, make sure that you
configure your Shell accordingly.
Spring doc.
We have created spring application, this is running in tomcat and resources(css, images and js) are coming from apache. We are trying to enable ssl but we are not able to get resources from apache. In console getting exception like resources could not be loaded. Can any one please help me.
You should probably use Apache as a reverse proxy to tomcat. This way, everything will go through Apache. Resources will be served directly, and requests to the appication will be proxied to your tomcat server:
http://httpd.apache.org/docs/current/mod/mod_proxy.html