How to enforce netty server to communicate over TLS 1.2?

Question

My Netty application is running as TCP Socket server on JDK1.8 . JDK 1.8 supports TLS 1.0, TLS 1.1 and TLS 1.2 .

We want to enforce the communication between TCP server and client over TLSv1.2 at server side (no lower protocol needs to be used) .

Below is the code snippet :

{ 
KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream("JKS location"), "password");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
         kmf.init(ks, "password".toCharArray());
        SslContext sslContext = SslContextBuilder.forServer(kmf).build();
        pipeline.addLast(sslContext.newHandler(socketChannel.alloc()));
}

How can we enforce netty server to communicate over TLS1.2 protocol only ?

Answer 1

Just configure the SSLEngine correctly:

SslHandler handler = sslContext.newHandler(socketChannel.alloc());
handler.engine().setEnabledProtocols(new String[] {"TLSv1.2"});
...