In one of the application having embedded java micro service and migrated to HTTPS from HTTP. Since lower version of HTTPS TLS are still visible that are TLSv1.0 and TLSvc1.1 which need to disable as we are using TLSv1.2 version. In system "application.yaml" file is present with having https related configuration.
Could you please help us to disable lower versions (1.0 & 1.1) and display only 1.2 version of TLS for HTTPS url?
We tried below solutions,
updated the "application.yaml" file with : Protocol : TLSv1.2
updated cipher definition in the "application.yaml" config file: Cipher suites (TLS 1.2): ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
We are expecting to disable lower versions of TLS (1.0 & 1.1) and display only the 1.2 version of HTTPs TLS.
