Hi,
On 22/06/2023 01:48, Benoit TELLIER wrote:
Hello Wojtek,
On 21/06/2023 10:44, Wojtek wrote:
Hi,
Is there a way to configure list of default TLS protocols for all enabled listeners instead of
modifying configuration file for each one (i.e. `<supportedProtocols/>`)?
I think we have no such things like default value accross all protocols.
Maybe we as a project can come up with better defaults here? EG TLSV2 + V3 so that users are less in
need to configure this?
sslcontext-kickstart does seem to have support for `https.protocols` property, but it looks like
it's not used in James?
May I ask for a link?
Best regards,
Benoit
It seems that library online JavaDoc is somewhat outdated (2021?)
Here's the link
https://github.com/Hakky54/sslcontext-kickstart/blob/master/sslcontext-kickstart/src/main/java/nl/altindag/ssl/SSLFactory.java#L693
Thus possibly adding to
org.apache.james.protocols.lib.LegacyJavaEncryptionFactory#create:
```
if (System.getProperty("https.protocols") != null) {
sslFactoryBuilder.withSystemPropertyDerivedProtocols();
}
```
Would allow to use -Dhttps.protocols=… in jvm.properties?
Wojtek
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
