4

Does someone know how to deactivate SSLv3? Does someone know if DW supports SSLv3 or how I can check what is supported by DW 0.7.1?

user3280180
  • 1,393
  • 1
  • 11
  • 27

1 Answers1

3

Dropwizard is using Jetty for the HTTP connection handling so it is possible to configure Dropwizard to use SSLv3 for the HTTPS traffic. Use the propertysupportedProtocols. By default there is no preferred security protocol so it will use whatever the underlying JDK is supporting.
In the dropwizard configuration you need to add the following if you want TLSv1.2 connections only:

server:
  applicationConnectors:
    - type: https
      port: 8443
      ....
      supportedProtocols: TLSv1.2
zloster
  • 1,149
  • 11
  • 26
  • 1
    Ahhh ... I have overlooked this line ... Thank you. – user3280180 Oct 27 '14 at 08:12
  • 2
    Not sure about previous versions, but in Dropwizard 0.8.0 this needs to be configured as an array: supportedProtocols: [TLSv1.2] and you should then see the following additional line in stdout: INFO io.dropwizard.jetty.HttpsConnectorFactory: Configured protocols: [TLSv1.2] – Andrew Eells Sep 01 '15 at 12:16