Description
The internal SSL utility classes (SslContext, JdkSslContext, PemReader) currently rely on legacy defaults and need to be modernized to fully leverage Java 21 standards.
These classes are essential for zero-dependency PEM parsing and SSL configuration across supported servers, but they currently default to the outdated JKS keystore format, prioritize older TLS versions, and utilize legacy cipher suites.
Proposed Changes
- Prioritize TLS 1.3: Update the protocol fallback logic in JdkSslContext to prioritize TLSv1.3 and drop deprecated protocols.
- Modernize Ciphers: Remove outdated ciphers (e.g., 3DES) and ensure high-security TLS 1.3 ciphers are at the top of the preference list.
- Update Keystore Format: Replace hardcoded "JKS" instances with KeyStore.getDefaultType() to utilize the modern PKCS12 standard.
- Optimize PEM Parsing: Refactor PemReader to use Base64.getMimeDecoder() for native, efficient handling of line breaks, replacing the manual regex string manipulation.
- Syntax Cleanup: Apply the diamond operator (<>) across all files to clean up legacy generics.
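A sketch of the proposed protocol, keystore and PEM changes, added here as an illustration and not taken from the project's code. The class name SslDefaultsSketch, its helper methods and the "EXAMPLE DATA" PEM label are assumptions, and the sample input is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import javax.net.ssl.SSLContext;

// Hypothetical sketch class; it is not the project's SslContext, JdkSslContext or PemReader.
public class SslDefaultsSketch {
    // Locate one PEM block by label and decode its body; the MIME decoder skips CR/LF itself.
    static byte[] decodePemBody(String pem, String label) {
        String begin = "-----BEGIN " + label + "-----";
        String end = "-----END " + label + "-----";
        int start = pem.indexOf(begin);
        int stop = start < 0 ? -1 : pem.indexOf(end, start + begin.length());
        if (stop < 0) {
            throw new IllegalArgumentException("no " + label + " block found");
        }
        return Base64.getMimeDecoder().decode(pem.substring(start + begin.length(), stop));
    }

    // Keep only the preferred protocols this runtime supports, TLSv1.3 first.
    static String[] preferredProtocols(String[] supported) {
        List<String> enabled = new ArrayList<>();
        for (String p : List.of("TLSv1.3", "TLSv1.2")) {
            if (Arrays.asList(supported).contains(p)) {
                enabled.add(p);
            }
        }
        return enabled.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: base64 of "hello pem reader" wrapped over two CRLF-terminated lines.
        String pem = "-----BEGIN EXAMPLE DATA-----\r\naGVsbG8gcGVt\r\nIHJlYWRlcg==\r\n"
                + "-----END EXAMPLE DATA-----\r\n";
        System.out.println(new String(decodePemBody(pem, "EXAMPLE DATA"), StandardCharsets.UTF_8));
        // The MIME decoder ignores every non-alphabet character, so this corrupted body still decodes.
        System.out.println(new String(Base64.getMimeDecoder().decode("aGVs*bG8g"), StandardCharsets.UTF_8));
        // getDefaultType() reads the keystore.type security property instead of a hardcoded "JKS".
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        System.out.println(ks.getType());
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        System.out.println(Arrays.toString(preferredProtocols(supported)));
    }
}
```

Because Base64.getMimeDecoder() silently drops any character outside the base64 alphabet, a malformed PEM body is not rejected at the decoding step; the decoded bytes still have to be validated by whatever parses the certificate or key. KeyStore.getDefaultType() follows the keystore.type security property, so the resulting type depends on the runtime's configuration.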