Merge pull request #20334 from ktoso/wip-tls1.2-more-sslconfig-links

+htp,str #20326 more links to ssl-config and update default TLS version
2016-04-15 18:54:22 +02:00 · 2016-04-15 18:54:22 +02:00 · 2418e610ab
commit 2418e610ab
parent a1423b6e7d e5cfe5b0ed
4 changed files with 42 additions and 3 deletions
--- a/akka-docs/rst/java/http/client-side/https-support.rst
+++ b/akka-docs/rst/java/http/client-side/https-support.rst
@ -45,6 +45,19 @@ to rely on the configured default client-side ``HttpsContext``.
 If no custom ``HttpsContext`` is defined the default context uses Java's default TLS settings. Customizing the
 ``HttpsContext`` can make the Https client less secure. Understand what you are doing!

+SSL-Config
+----------
+
+Akka HTTP heavily relies on, and delegates most configuration of any SSL/TLS related options to
+`Lightbend SSL-Config`_, which is a library specialized in providing an secure-by-default SSLContext
+and related options.
+
+Please refer to the `Lightbend SSL-Config`_ documentation for detailed documentation of all available settings.
+
+SSL Config settings used by Akka HTTP (as well as Streaming TCP) are located under the `akka.ssl-config` namespace.
+
+.. _Lightbend SSL-Config: http://typesafehub.github.io/ssl-config/
+
 Detailed configuration and workarounds
 --------------------------------------

--- a/akka-docs/rst/scala/http/client-side/https-support.rst
+++ b/akka-docs/rst/scala/http/client-side/https-support.rst
@ -45,6 +45,19 @@ to rely on the configured default client-side ``HttpsContext``.
 If no custom ``HttpsContext`` is defined the default context uses Java's default TLS settings. Customizing the
 ``HttpsContext`` can make the Https client less secure. Understand what you are doing!

+SSL-Config
+----------
+
+Akka HTTP heavily relies on, and delegates most configuration of any SSL/TLS related options to
+`Lightbend SSL-Config`_, which is a library specialized in providing an secure-by-default SSLContext
+and related options.
+
+Please refer to the `Lightbend SSL-Config`_ documentation for detailed documentation of all available settings.
+
+SSL Config settings used by Akka HTTP (as well as Streaming TCP) are located under the `akka.ssl-config` namespace.
+
+.. _Lightbend SSL-Config: http://typesafehub.github.io/ssl-config/
+
 Detailed configuration and workarounds
 --------------------------------------

--- a/akka-docs/rst/scala/http/low-level-server-side-api.rst
+++ b/akka-docs/rst/scala/http/low-level-server-side-api.rst
@ -155,6 +155,21 @@ optional ``httpsContext`` parameter, which can receive the HTTPS configuration i
 instance.
 If defined encryption is enabled on all accepted connections. Otherwise it is disabled (which is the default).

+For detailed documentation for client-side HTTPS support refer to :ref:`clientSideHTTPS`.
+
+SSL-Config
+----------
+
+Akka HTTP heavily relies on, and delegates most configuration of any SSL/TLS related options to
+`Lightbend SSL-Config`_, which is a library specialized in providing an secure-by-default SSLContext
+and related options.
+
+Please refer to the `Lightbend SSL-Config`_ documentation for detailed documentation of all available settings.
+
+SSL Config settings used by Akka HTTP (as well as Streaming TCP) are located under the `akka.ssl-config` namespace.
+
+.. _Lightbend SSL-Config: http://typesafehub.github.io/ssl-config/
+
 .. _http-server-layer-scala:

 Stand-Alone HTTP Layer Usage
--- a/akka-stream/src/main/resources/reference.conf
+++ b/akka-stream/src/main/resources/reference.conf
@ -93,8 +93,6 @@ akka {

  # configure overrides to ssl-configuration here (to be used by akka-streams, and akka-http – i.e. when serving https connections)
  ssl-config {
-    # due to still supporting JDK6 in this release
-    # TODO once JDK 8 is required switch this to TLSv1.2 (or remove entirely, leave up to ssl-config to pick)
-    protocol = "TLSv1"
+    protocol = "TLSv1.2"
  }
 }