# ktor
p
Hi everyone, I just upgraded my project to Ktor 3.0.3. I’m using SSL and on the `EngineSSLConnectorBuilder` I set `enabledProtocols = listOf("TLSv1.2")`. I then send a curl request to the server with `--no-alpn`. I observe that the client tries TLS1.3 and my server accepts it. I would think this would not be the case since I set the `enabledProtocols`. Am I missing something?
Also I cannot find `enableHttp2` on the `NettyApplicationEngine.Configuration` for version 2.3.13 while it’s listed here: https://api.ktor.io/older/2.3.12/ktor-server/ktor-server-netty/io.ktor.server.netty/-netty-application-engine/-configuration/enable-http2.html
a
I cannot reproduce the problem with the following code:
```kotlin
embeddedServer(Netty, applicationEnvironment {}, {
    val keyStoreFile = File("build/keystore.jks")
    val keyStore = buildKeyStore {
        certificate("sampleAlias") {
            password = "foobar"
            domains = listOf("127.0.0.1", "0.0.0.0", "localhost")
        }
    }
    keyStore.saveToFile(keyStoreFile, "123456")

    sslConnector(
        keyStore = keyStore,
        keyAlias = "sampleAlias",
        keyStorePassword = { "123456".toCharArray() },
        privateKeyPassword = { "foobar".toCharArray() }
    ) {
        enabledProtocols = listOf("TLSv1.2")
        port = 8443
        keyStorePath = keyStoreFile
    }
}) {
    routing {
        get {
            call.respondText("Hello World!")
        }
    }
}.start(wait = true)
```
```
curl -v -k --no-alpn https://0.0.0.0:8443
```
```
*   Trying 0.0.0.0:8443...
* Connected to 0.0.0.0 (0.0.0.0) port 8443
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 / [blank] / UNDEF
* Server certificate:
*  subject: C=RU; O=JetBrains; OU=Kotlin; CN=localhost
*  start date: Jan  2 14:14:46 2025 GMT
*  expire date: Jan  5 14:14:46 2025 GMT
*  issuer: C=RU; O=JetBrains; OU=Kotlin; CN=localhost
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.1
> Host: 0.0.0.0:8443
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Content-Length: 12
< Content-Type: text/plain; charset=UTF-8
<
* Connection #0 to host 0.0.0.0 left intact
Hello World!
```
p
Hmm interesting. I’ll try again once I have the time. Thanks for testing it :)
@Aleksei Tirman [JB] Do you also happen to know anything about my question regarding the `enableHttp2` setting for Netty in Ktor 2.x.x? It’s mentioned in the docs, but I cannot find the property when using 2.x.x
Just found https://youtrack.jetbrains.com/issue/KTOR-6140 I guess it’s a mistake in the docs of 2.x.x?
a
You're right. The `enableHttp2` configuration option should be listed in the API docs only since Ktor 3.0.0.