TLS Configuration

Adding support for TLS configuration in your module is as simple as declaring a parameter of type TlsContextFactory, for example:

private TlsContextFactory tlsContextFactory;

The example above will automatically generate support for this XML setting:

<tls:context enabledProtocols="TLSv1.2,SSLv3">
    <tls:trust-store path="my-trust-store.jks" password="myPassword"/>
    <tls:key-store path="my-key-store.jks" keyPassword="myPassword" password="myPassword"/>

Note that a TLS context can also be defined as a global element of your app, so you can reference it by its name anywhere you need to use it.

If TLS needs are hidden from the user (for example, if you need to connect safely to a service internally), you can create your own TlsContextFactory using its builder:

private final TlsContextFactory tlsContextFactory = TlsContextFactory.builder()

This builder also allows creating default instances of TlsContextFactory:

private final TlsContextFactory defaultTlsContextFactory = TlsContextFactory.builder().buildDefault();

Once a TlsContextFactory is available (whether as a parameter or obtained through its builder), it should be initialized, for example:

if (tlsContextFactory instanceof Initialisable) {
  ((Initialisable) tlsContextFactory).initialise();

It can then be used to obtain an SSLContext, a SSLSocketFactory or a SSLServerSocketFactory. It can also obtain enabled TLS protocols and cipher suites, allowing you to set up most Java components that use TLS/SSL as shown in the examples below.

You could set up a FTPSClient by obtaining an SSLContext and then configure the protocols and cipher suites for it:

SSLContext sslContext = tlsContextFactory.createSslContext();
String[] enabledProtocols = tlsContextFactory.getEnabledProtocols();
String[] enabledCiphers = tlsContextFactory.getEnabledCipherSuites();

FTPSClient client = new FTPSClient(sslContext);

You could obtain an SSLSocketFactory to create your own Socket:

SSLSocketFactory sslSocketFactory = tlsContextFactory.createSocketFactory();
Socket socket = sslSocketFactory.create();

To create a ServerSocketinstead, you can obtain an SSLServerSocketFactory:

SSLServerSocketFactory sslServerSocketFactory = tlsContextFactory.createServerSocketFactory();
ServerSocket socket = sslServerSocketFactory.createServerSocket();

To correctly configure TLS context and all the available parameters that you can set, see Configure TLS with Keystores and Truststores.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub