com.typesafe:ssl-config-core_2.13
Advanced tools
Goal and purpose of this library is to make Play WS library as well as Akka HTTP "secure by default". Sadly, while Java's security has been steadily improving some settings are still left up to the user, and certain algorithms which should never be used in a serious production system are still accepted by the default settings of the SSL/TLS infrastructure. These things are possible to fix, by providing specialized implementations and/or defining additional settings for the Java runtime to use – this is exactly the purpose of SSL Config.
Additional modules offer integration with Play WS (which by default utilises Async Http Client), Akka Http and any other library which may need support from this library.
The project is maintained on two branches:
main which requires Java 8 and is used by Akka 2.5.x and later.release-0.1 which is Java 6 compatible
(does lots of manual improvements and checks that JDK6 didn't).
Currently only the legacy version of Akka Streams & Http (which is 2.0.x) uses this version.ssl-config at this point in time is used primarily internally in Akka HTTP, and is being evolved towards being "the place" one configures all possible SSL/TLS related settings, mostly focused on the client side of things.
The project is hosted externally of either Akka or Play, in order to foster convergence and re-use of the more tricky bits of configuring TLS.
Binary compatibility is not guaranteed between versions (in the 0.x.z series) of ssl-config at this point in time.
We aim to stabilise the APIs and provide a stable release eventually.
Docs are available on: https://lightbend.github.io/ssl-config
An excellent series by Will Sargent about making Play WS (from which this library originates) "secure by default":
Lightbend 2015-2020, Apache 2.0
FAQs
ssl-config-core
We found that com.typesafe:ssl-config-core_2.13 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.