B4J Question How to enable TLS 1.3 on B4J Server ?

[Murilo Besse]

I need to enable tls 1.3 on b4j server.
The server is running with JDK 15.
Is there any command like this: jServer v2.80+ Enabling TLSv1.1 ?

 

[tchart]

I use this code;

        Dim ssl As SslConfiguration
        ssl.Initialize
        
        ssl.SetKeyStorePath(File.DirApp, "jetty.keystore") 'path to keystore file
        ssl.KeyStorePassword = KeyStorePassword
        
        Dim jo As JavaObject = ssl
        
        Dim inc As String =$"TLS_AES_128_GCM_SHA256
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"$

        jo.RunMethod("setIncludeCipherSuites", Array(Regex.Split("\n", inc)))

According to this https://wiki.openssl.org/index.php/TLS1.3 the Cipher Suites for TLS1.3 are;

• TLS_AES_256_GCM_SHA384
• TLS_CHACHA20_POLY1305_SHA256
• TLS_AES_128_GCM_SHA256
• TLS_AES_128_CCM_8_SHA256
• TLS_AES_128_CCM_SHA256

I selected the ones in the code above to get a better rating on https://www.ssllabs.com/ssltest/

 

[tchart]

This is the results of testing without altering the default cipher suites;

 

[Murilo Besse]

Your code worked!
Thanks!

 

[prajinpraveen]

Good Day,

I am a little curious to know if TLS1.3 is enabled by default.
Before i added the script, seems to me that TLS1.3 was enabled. ( screenshot from Chrome, developer tools, security tab)

After i added the script from post#

 

[Erel]

It should be enabled by default when running with Java 11+.

 

[prajinpraveen]

Thank you for the clarity Erel