Polish contribution

Rename the new property to enabledProtocols to align more closely with
Undertow and Tomcat’s underlying configuration setting.

Closes gh-2109

spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java

@@ -42,9 +42,9 @@ public class Ssl {
 	private String[] ciphers;
 
 	/**
-	 * Supported SSL protocols.
+	 * Enabled SSL protocols.
 	 */
-	private String[] protocols;
+	private String[] enabledProtocols;
 
 	/**
 	 * Alias that identifies the key in the key store.
@@ -173,6 +173,14 @@ public class Ssl {
 		this.keyStoreProvider = keyStoreProvider;
 	}
 
+	public String[] getEnabledProtocols() {
+		return this.enabledProtocols;
+	}
+
+	public void setEnabledProtocols(String[] enabledProtocols) {
+		this.enabledProtocols = enabledProtocols;
+	}
+
 	public String getTrustStore() {
 		return this.trustStore;
 	}
@@ -213,14 +221,6 @@ public class Ssl {
 		this.protocol = protocol;
 	}
 
-	public String[] getProtocols() {
-		return this.protocols;
-	}
-
-	public void setProtocols(String[] protocols) {
-		this.protocols = protocols;
-	}
-
 	/**
 	 * Client authentication types.
 	 */

spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java

@@ -207,13 +207,7 @@ public class JettyEmbeddedServletContainerFactory
 	 * @param ssl the ssl details.
 	 */
 	protected void configureSsl(SslContextFactory factory, Ssl ssl) {
-		//Set the default TLS protocol
 		factory.setProtocol(ssl.getProtocol());
-
-		//Assign the supported protocols, if provided
-		if (ssl.getProtocols() != null) {
-			factory.setIncludeProtocols(ssl.getProtocols());
-		}
 		configureSslClientAuth(factory, ssl);
 		configureSslPasswords(factory, ssl);
 		factory.setCertAlias(ssl.getKeyAlias());
@@ -221,6 +215,9 @@ public class JettyEmbeddedServletContainerFactory
 		if (ssl.getCiphers() != null) {
 			factory.setIncludeCipherSuites(ssl.getCiphers());
 		}
+		if (ssl.getEnabledProtocols() != null) {
+			factory.setIncludeProtocols(ssl.getEnabledProtocols());
+		}
 		configureSslTrustStore(factory, ssl);
 	}
 

spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java

@@ -315,22 +315,17 @@ public class TomcatEmbeddedServletContainerFactory
 	 */
 	protected void configureSsl(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
 		protocol.setSSLEnabled(true);
-		//Set the default TLS protocol
 		protocol.setSslProtocol(ssl.getProtocol());
-
-		//Assign the supported protocols, if provided
-		if (ssl.getProtocols() != null) {
-			String protocols = StringUtils.arrayToCommaDelimitedString(ssl.getProtocols());
-			protocol.setProperty("sslEnabledProtocols", protocols);
-		}
-
 		configureSslClientAuth(protocol, ssl);
 		protocol.setKeystorePass(ssl.getKeyStorePassword());
 		protocol.setKeyPass(ssl.getKeyPassword());
 		protocol.setKeyAlias(ssl.getKeyAlias());
 		configureSslKeyStore(protocol, ssl);
-		String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers());
+		protocol.setCiphers(StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()));
-		protocol.setCiphers(ciphers);
+		if (ssl.getEnabledProtocols() != null) {
+			protocol.setProperty("sslEnabledProtocols",
+					StringUtils.arrayToCommaDelimitedString(ssl.getEnabledProtocols()));
+		}
 		configureSslTrustStore(protocol, ssl);
 	}
 

spring-boot/src/main/java/org/springframework/boot/context/embedded/undertow/UndertowEmbeddedServletContainerFactory.java

@@ -258,14 +258,15 @@ public class UndertowEmbeddedServletContainerFactory
 			SSLContext sslContext = SSLContext.getInstance(ssl.getProtocol());
 			sslContext.init(getKeyManagers(), getTrustManagers(), null);
 			builder.addHttpsListener(port, getListenAddress(), sslContext);
-			builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE, getSslClientAuthMode(ssl));
+			builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE,
-
+					getSslClientAuthMode(ssl));
-			//Configure the supported TLS protocols and Cipher suites
+			if (ssl.getEnabledProtocols() != null) {
-			if (ssl.getProtocols() != null) {
+				builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS,
-				builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS, Sequence.of(ssl.getProtocols()));
+						Sequence.of(ssl.getEnabledProtocols()));
 			}
 			if (ssl.getCiphers() != null) {
-				builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES, Sequence.of(ssl.getCiphers()));
+				builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES,
+						Sequence.of(ssl.getCiphers()));
 			}
 		}
 		catch (NoSuchAlgorithmException ex) {

spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java

@@ -530,7 +530,7 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 	}
 
 	private Ssl getSsl(ClientAuth clientAuth, String keyPassword, String keyStore,
-			String trustStore, String[] protocols, String[] ciphers) {
+			String trustStore, String[] supportedProtocols, String[] ciphers) {
 		Ssl ssl = new Ssl();
 		ssl.setClientAuth(clientAuth);
 		if (keyPassword != null) {
@@ -549,17 +549,12 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 		if (ciphers != null) {
 			ssl.setCiphers(ciphers);
 		}
-		if (protocols != null) {
+		if (supportedProtocols != null) {
-			ssl.setProtocols(protocols);
+			ssl.setEnabledProtocols(supportedProtocols);
 		}
 		return ssl;
 	}
 
-	/**
-	 * @see <a
-	 * href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider">
-	 * SunJSSE supported Cipher Suites</a>
-	 */
 	protected void testRestrictedSSLProtocolsAndCipherSuites(String[] protocols,
 			String[] ciphers) throws Exception {
 		AbstractEmbeddedServletContainerFactory factory = getFactory();

spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java

@@ -159,7 +159,7 @@ public class JettyEmbeddedServletContainerFactoryTests
 		ssl.setKeyStorePassword("secret");
 		ssl.setKeyPassword("password");
 		ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" });
-		ssl.setProtocols(new String[]{ "TLSv1.1", "TLSv1.2" });
+		ssl.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2" });
 
 		JettyEmbeddedServletContainerFactory factory = getFactory();
 		factory.setSsl(ssl);
@@ -184,7 +184,7 @@ public class JettyEmbeddedServletContainerFactoryTests
 		ssl.setKeyStorePassword("secret");
 		ssl.setKeyPassword("password");
 		ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" });
-		ssl.setProtocols(new String[]{ "TLSv1.1" });
+		ssl.setEnabledProtocols(new String[] { "TLSv1.1" });
 
 		JettyEmbeddedServletContainerFactory factory = getFactory();
 		factory.setSsl(ssl);

spring-boot/src/test/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactoryTests.java

@@ -268,7 +268,7 @@ public class TomcatEmbeddedServletContainerFactoryTests
 		Ssl ssl = new Ssl();
 		ssl.setKeyStore("test.jks");
 		ssl.setKeyStorePassword("secret");
-		ssl.setProtocols(new String[]{ "TLSv1.1", "TLSv1.2" });
+		ssl.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2" });
 		ssl.setCiphers(new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "BRAVO" });
 
 		TomcatEmbeddedServletContainerFactory factory = getFactory();
@@ -291,7 +291,7 @@ public class TomcatEmbeddedServletContainerFactoryTests
 		Ssl ssl = new Ssl();
 		ssl.setKeyStore("test.jks");
 		ssl.setKeyStorePassword("secret");
-		ssl.setProtocols(new String[]{"TLSv1.2"});
+		ssl.setEnabledProtocols(new String[] { "TLSv1.2" });
 		ssl.setCiphers(new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "BRAVO" });
 
 		TomcatEmbeddedServletContainerFactory factory = getFactory();