spring-cloud-gateway icon indicating copy to clipboard operation
spring-cloud-gateway copied to clipboard
verified publisher icon spring-cloud

SslBundle support does not honor SslOptions in HttpClientSslConfigurer

Open janossch opened this issue 5 months ago • 0 comments

Describe the bug #2981 introduced SslBundle support which BTW a really nice feature. However SslOptions of the bundle is not honored by the implementation.

E.g. the gateway user would like to restrict the cipher suites of the outbound http client via SslBundle features. (or disable a protocol).

Sample This specific implementation https://github.com/spring-cloud/spring-cloud-gateway/blob/093f4056c287c3beba2cf7219f5a1ee1206953c5/spring-cloud-gateway-server-webflux/src/main/java/org/springframework/cloud/gateway/config/HttpClientSslConfigurer.java#L71-L73

misses the following:

SslOptions sslOptions = bundle.getOptions();
if (sslOptions != null && sslOptions.isSpecified()) {
  sslContextBuilder.ciphers(SslOptions.asSet(sslOptions.getCiphers()));
  sslContextBuilder.protocols(sslOptions.getEnabledProtocols());
}

I guess the GrpcSslConfigurer as well misses the same thing since it was also modified when #2981 solved by this commit https://github.com/spring-cloud/spring-cloud-gateway/commit/0600b4d268435ee4eb8629c5a8bc50b4f7227586

janossch avatar Jul 25 '25 13:07 janossch