Skip to content

Configure TLS protocol versions in SSLConfig #3806

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
antonstamov wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Configure TLS protocol versions in SSLConfig #3806

antonstamov wants to merge 4 commits into from

Conversation

@antonstamov
Copy link

@antonstamov antonstamov commented Nov 19, 2025
edited
Loading

Configure TLS protocol versions in SSLConfig

This pull request adds the ability to configure TLS protocol versions in SSLConfig for HTTP servers.

Features

  • Adds configurable TLS protocol versions support in SSLConfig with default TLSv1.3 and TLSv1.2
  • Provides fine-grained control over TLS security settings, allowing disabling of older, less secure protocols

Changes

  • Extended SSLConfig with optional protocols parameter
  • Updated all factory methods to support the new configuration
  • Updated documentation to reflect the new TLS protocol configuration options
  • Fixed scalafmt formatting issues from the original PR

Based on the original work in #3714, which was closed due to binary compatibility issues and scalafmt errors.

Closes #3714

@netlify
Copy link

netlify bot commented Nov 19, 2025
edited
Loading

Deploy Preview for zio-http ready!

Name Link
🔨 Latest commit 9f28ea3
🔍 Latest deploy log https://app.netlify.com/projects/zio-http/deploys/6927fc5cf64dec00086fb42c
😎 Deploy Preview https://deploy-preview-3806--zio-http.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@CLAassistant
Copy link

CLAassistant commented Nov 19, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@987Nabil
Copy link
Contributor

987Nabil commented Nov 24, 2025

You can't just ignore binary incompatibility. You have to solve it. You can rebase and use @unroll@ to fix it

@antonstamov antonstamov force-pushed the configurable-tls-protocol-versions branch 2 times, most recently from a7fd237 to f07b908 Compare November 25, 2025 11:33
@maxcom maxcom force-pushed the configurable-tls-protocol-versions branch from 3938ee8 to 0a8d498 Compare November 26, 2025 11:59
@maxcom
Copy link

maxcom commented Dec 2, 2025

@987Nabil please review

@987Nabil
Copy link
Contributor

987Nabil commented Dec 6, 2025

Why the manual unroll?

@maxcom
Copy link

maxcom commented Dec 6, 2025

Why the manual unroll?

@unroll works fine on Scala 2, but fails to compile on Scala 3. I believe this is a bug or a limitation of the unroll plugin, likely related to the presence of additional apply methods in the SSLConfig companion object.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jdegoes jdegoes Awaiting requested review from jdegoes jdegoes is a code owner

@vigoo vigoo Awaiting requested review from vigoo vigoo is a code owner

@kyri-petrou kyri-petrou Awaiting requested review from kyri-petrou kyri-petrou is a code owner

@987Nabil 987Nabil Awaiting requested review from 987Nabil 987Nabil is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@antonstamov @CLAassistant @987Nabil @maxcom