On my Netty server, I need to exclude TLS_1.0 and TLS_1.1 protocols. However, seems like Netty SslContextBuilder doesn't allow to exclude specific suits.
Current code is used to build a SSL context:
SslContextBuilder.forServer(serverCert, serverKey, serverPass)
.sslProvider(sslProvider)
.build();
SslContextBuilder has ciphers() method, but it's not clear how to exclude specific ciphers for the TLS_1.0 and TLS_1.1.
Is there any way to achieve that?
You would just specify the protocols you want to support:
SslContextBuilder.forServer(serverCert, serverKey, serverPass)
.sslProvider(sslProvider).protocols(...)
So only include TLSv1.2 and TLSv1.3 here.
Another possibility would be to specify your custom CipherSuiteFilter which filters out ciphers you don't want to support.