db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter <tableyourt...@gmail.com>
Subject Force TLSv1.2 or higher for the server
Date Mon, 09 Jul 2018 10:25:26 GMT
Hello,

I cannot find a way to force the server to just use TLSv1.2. Currently
it says:

Apache Derby Network Server - 10.13.1.1 - (1765088) Enabled Protocols
are TLSv1, TLSv1.1, TLSv1.2

even when using

-Dhttps.protocols=TLSv1.2

or similar settings found on the internet. Then I saw in the source:

SSLContext ctx = SSLContext.getInstance("TLS");

https://github.com/apache/derby/blob/f16c46cbdd5be8dd9bdcee935ec1f68970146478/java/org.apache.derby.commons/org/apache/derby/shared/common/drda/NaiveTrustManager.java#L73

that it seems to ignore command line settings. Is it possible to add
such a property or a different workaround to avoid older TLS versions?

Regards
Peter


Mime
View raw message