Disabling SSL Weak Ciphers with Play! Framework
Is there a way to disable weak and medium ciphers suite开发者_如何学Gos for https, with the standalone Play Framework server?
Couldn't find anything about it.
The intention of the standalone server is not to deal with https traffic. The most common pattern is to use something like lighttpd, nginx or apache as a reverse proxy and offload the https processing to that.
Therefore, your question is more suited to whether it is possible to do what you need in one of the above http servers.
In Play 2.3, it is possible to do this with the AlgorithmChecker, and the AlgorithmChecker can be set up from a custom SSLEngine provider.
https://www.playframework.com/documentation/2.3.x/ConfiguringHttps
https://github.com/playframework/playframework/blob/2.3.x/framework/src/play-ws/src/main/scala/play/api/libs/ws/ssl/AlgorithmChecker.scala
精彩评论