How to disable SSL TLS protocols in Springboot?

Often a requirement comes to secure the application as well as the connections made to that application.

Prior to TLS 1.2, many versions of SSL and TLS came into existence to enforce transport layer security. Those previous versions were vulnerable to some sort of attacks\threats and those were fixed in their next version.

In order to enforce security, you may just want to accept connections over TLS v1.2 and thus only enable TLSv1.2 while disabling all other versions- SSLv3, TLS 1.0, TLS 1.1 etc

The purpose of this article is to list down the steps required to enable only TLS 1.2 and disable all other versions in a Springboot Application.


  • JRE
  • IDE of your choice
  • Springboot Application
  • Certificates – be it Self Signed or from Public CA

This article assumes that your application has already enabled SSL  in your application and configured certificates and secure HTTP Connectors either programmatically or through configuration.


Before we look into the steps, lets first understand how things work. Basically, an application sets up a virtual host/container – Jetty or Tomcat or Undertow etc as well as HTTP Listener(s).

In a Springboot application, embedded containers can be setup using


during bootstrapping.

For tomcat,


is initialized and likewise.  These containers set up Connectors (HTTP) and configure connectors for

  • Port
  • URI Encoding
  • SSL Settings optionally
  • Compression optionally
  • Protocol Handler etc


  1. In < Springboot v1.4.x versions

    For Springboot applications with versions < 1.4.x, there is not any support to disable protocols through configuration. APP YAML configuration has few properties to enable SSL but it does not provide a mechanism to set SSL enabled-protocols

    Thus, changes have to be done programmatically.

  But how?

  Do i need to initialize Tomcat Factory and Connector and stitch everything ?

Luckily, not. Springboot allows to customize the existing Container and further customize Connector.

Does that mean i just need to create Customizer and somehow attach it to the existing initialized container?

Yes, that’s right.

Add the below code and Your Problem will be solved. What we are doing is that during Service bootstrapping process, we are injecting a




beans and this way Spring IoC Container will stitch them out for you.

    public EmbeddedServletContainerCustomizer containerCustomizer(TomcatConnectorCustomizer connectorCustomizer) {
        return new EmbeddedServletContainerCustomizer() {
            public void customize(ConfigurableEmbeddedServletContainer container) {
                if (container instanceof TomcatEmbeddedServletContainerFactory) {
                    TomcatEmbeddedServletContainerFactory tomcat = (TomcatEmbeddedServletContainerFactory) container;

     * Sets up the Tomcat Connector Customizer to enable ONLY TLSv1.2
     * @return Reference to an instance of TomcatConnectorCustomizer
    public TomcatConnectorCustomizer connectorCustomizer() {
        return new TomcatConnectorCustomizer {
        public void customize(Connector connector) {
            connector.setAttribute("sslEnabledProtocols", "TLSv1.2");
    }<span 				data-mce-type="bookmark" 				id="mce_SELREST_start" 				data-mce-style="overflow:hidden;line-height:0" 				style="overflow:hidden;line-height:0" 			></span>;

    1. In < Springboot v1.4.x versions

      For Springboot applications > 1.4.x, things have been made much simpler and can be done through YAML configuration.

     enabled: true
     key-store: classpath:Keystore.jks
     key-store-password: <storepassword>
     key-password: <password>
     key-alias: <yourKeyAlias>
     enabled-Protocols: [TLSv1.2]
   port: 8443

enabled-Protocols: [TLSv1.2] is the trick here.

Simple. Isn’t it?


8 thoughts on “How to disable SSL TLS protocols in Springboot?”

  1. Thank you a bunch for sharing this with all people you really realize what you are talking about! Bookmarked. Please additionally talk over with my site =). We will have a link change agreement between us!

    Liked by 1 person

  2. You actually make it appear really easy with your presentation however I in finding this topic to be actually something that I feel I’d by no means understand. It kind of feels too complicated and extremely large for me. I’m having a look ahead on your subsequent publish, I will attempt to get the hold of it!

    Liked by 1 person

  3. Excellent weblog right here! Additionally your web site so much up very fast! What host are you using? Can I am getting your affiliate link to your host? I desire my web site loaded up as quickly as yours lol

    Liked by 1 person

  4. I’m now not positive the place you are getting your info, but good topic. I must spend a while learning much more or working out more. Thanks for wonderful information I used to be in search of this information for my mission.

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s