Open MohammadNC opened 3 weeks ago
Hi Team,
Trying one more approach to update the TLS version dynamically.
```java
// Reconfigure the SslContextFactory of the shared client in place.
org.eclipse.jetty.client.HttpClient httpsClient = JettyClientConfiguration.getHttpsclient();
SslContextFactory sslContextFactory = httpsClient.getSslContextFactory();
sslContextFactory.setIncludeProtocols(tlsVersion.split(","));

// Pick the cipher list that matches the requested protocol version(s).
String[] ciphers;
if (CommonConstants.getTlsVersionOneDotThree().equals(tlsVersion)) {
    ciphers = tlsConfigData.getTls13Ciphers().toArray(new String[0]);
} else if (CommonConstants.getTlsVersionOneDotTwo().equals(tlsVersion)) {
    ciphers = tlsConfigData.getTls12Ciphers().toArray(new String[0]);
} else {
    ciphers = Stream.concat(tlsConfigData.getTls12Ciphers().stream(),
            tlsConfigData.getTls13Ciphers().stream()).toArray(String[]::new);
}
sslContextFactory.setIncludeCipherSuites(ciphers);

// Restart the client so the new settings take effect; this also closes
// every connection the client currently holds.
try {
    httpsClient.stop();
    httpsClient.start();
} catch (Exception e) {
    // Pass the exception so the cause and stack trace are logged.
    logger.error("Exception occurred while on https stop start", e);
}
```
But in this case the existing TCP connection is terminated directly, without a GOAWAY.
Jetty 11 is now at End of Community Support, you should be using Jetty 12 at this point in time.
For commercial support of Jetty 11, see above listed issues.
Jetty Version = 11.0.17
Java Version = 17
Question: I am using Jetty as a client to send traffic over HTTPS with TLSv1.2 or TLSv1.3. My ask is that I need to update the Jetty TLS version without impacting the existing connections. Let's say a connection to Server1 exists, and after that I want to update the TLS version dynamically so that the next request to Server2 uses a new connection with the latest TLS configuration, while the existing connection remains as is and allows traffic with the old TLS config.
The code snippet below gets the web client.
I have tried some code changes to update the TLS version, but it is not working.
Kindly suggest how to update the TLS version dynamically without disturbing the existing connection.
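
One way to approach the requirement in the question, as an added example (not code from this issue or from the Jetty project): instead of mutating and restarting the shared client, start a second `HttpClient` with its own `SslContextFactory.Client` and swap it in, so requests already in flight finish on the old client's connections and new requests use the new TLS settings. `ReloadableHttpsClient`, `reload` and `drainSeconds` are hypothetical names, and the HTTP/1.1 transport is an assumption; substitute the transport your application configures.

```java
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.http.HttpClientTransportOverHTTP;
import org.eclipse.jetty.io.ClientConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/** Hypothetical holder: hands out the current client and swaps it on a TLS change. */
public class ReloadableHttpsClient {
    private final AtomicReference<HttpClient> current = new AtomicReference<>();
    private final ScheduledExecutorService reaper =
            Executors.newSingleThreadScheduledExecutor();

    public ReloadableHttpsClient(String[] protocols, String[] ciphers) throws Exception {
        current.set(build(protocols, ciphers));
    }

    /** Callers fetch the client per request so they always see the latest one. */
    public HttpClient get() {
        return current.get();
    }

    /** Start a client with the new TLS settings, publish it, stop the old one later. */
    public void reload(String[] protocols, String[] ciphers, long drainSeconds)
            throws Exception {
        HttpClient fresh = build(protocols, ciphers);   // fails before the swap if config is bad
        HttpClient old = current.getAndSet(fresh);
        // The old client keeps its connections and TLS config until the drain period ends.
        reaper.schedule(() -> {
            try { old.stop(); } catch (Exception e) { e.printStackTrace(); }
        }, drainSeconds, TimeUnit.SECONDS);
    }

    private static HttpClient build(String[] protocols, String[] ciphers) throws Exception {
        SslContextFactory.Client ssl = new SslContextFactory.Client();
        ssl.setIncludeProtocols(protocols);        // e.g. "TLSv1.3" or "TLSv1.2"
        ssl.setIncludeCipherSuites(ciphers);
        ClientConnector connector = new ClientConnector();
        connector.setSslContextFactory(ssl);
        HttpClient client = new HttpClient(new HttpClientTransportOverHTTP(connector));
        client.start();
        return client;
    }
}
```

Code that caches the `HttpClient` reference instead of calling `get()` per request will keep using the old client until it is stopped.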