Enforce a minimum TLS version - AWS SDK for Kotlin

Enforce a minimum TLS version

With the AWS SDK for Kotlin, you can configure the minimum TLS version when you connect to service endpoints. The SDK offers different configuration options. In order of highest to lowest precedence, the options are:

  • Explicitly configure the HTTP engine

  • Set the sdk.minTls JVM system property

  • Set the SDK_MIN_TLS environment variable

Configure the HTTP engine

When you specify a non-default HTTP engine for a service client, you can set the tlsContext.minVersion field.

The following example configures the HTTP engine and any service client that uses it to use TLS v1.2 at a minimum.

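import aws.sdk.kotlin.services.dynamodb.DynamoDbClient
import aws.smithy.kotlin.runtime.net.TlsVersion

DynamoDbClient {
    region = "us-east-2"
    httpClient {
        tlsContext {
            // Refuse to negotiate anything older than TLS v1.2.
            minVersion = TlsVersion.TLS_1_2
        }
    }
}.use { ddb ->
    // Perform some actions with Amazon DynamoDB.
}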

Set the sdk.minTls JVM system property

You can set the sdk.minTls JVM system property. When you launch an application with the system property set, all HTTP engines constructed by the AWS SDK for Kotlin use the specified minimum TLS version by default. However, you can explicitly override this in the HTTP engine configuration. The allowable values are:

  • TLS_1_0

  • TLS_1_1

  • TLS_1_2

  • TLS_1_3

Set the SDK_MIN_TLS environment variable

You can set the SDK_MIN_TLS environment variable. When you launch an application with the environment variable set, all HTTP engines constructed by the AWS SDK for Kotlin use the specified minimum TLS version, unless overridden by another option.

The allowable values are:

  • TLS_1_0

  • TLS_1_1

  • TLS_1_2

  • TLS_1_3
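
Because the three options form a precedence chain, a higher-precedence setting can lower the floor that a lower-precedence one asks for. The following startup check is an added example, not code from the AWS SDK or its documentation: it mirrors the precedence order described at the top of this page and refuses to start when the effective minimum is below TLS 1.2. The names MinTls, Resolved, parseMinTls, resolveMinTls and requireFloor are hypothetical, and rejecting unrecognized or missing values is a policy choice of this example, not documented SDK behavior.

```kotlin
// Added example: startup guard that mirrors the documented precedence order.
// Not AWS SDK code; all type and function names here are hypothetical.
enum class MinTls { TLS_1_0, TLS_1_1, TLS_1_2, TLS_1_3 }

data class Resolved(val version: MinTls?, val source: String)

// Assumption: values are matched exactly as listed on the page; anything else
// is treated as a misconfiguration rather than silently ignored.
fun parseMinTls(raw: String?, source: String): MinTls? {
    val value = raw?.takeIf { it.isNotBlank() } ?: return null
    return MinTls.values().firstOrNull { it.name == value }
        ?: throw IllegalStateException("$source has unsupported value '$value'")
}

fun resolveMinTls(
    explicit: MinTls?, // what the code assigns to tlsContext.minVersion, if anything
    sysProp: (String) -> String? = { System.getProperty(it) },
    env: (String) -> String? = { System.getenv(it) },
): Resolved {
    if (explicit != null) return Resolved(explicit, "HTTP engine configuration")
    parseMinTls(sysProp("sdk.minTls"), "sdk.minTls")
        ?.let { return Resolved(it, "sdk.minTls system property") }
    parseMinTls(env("SDK_MIN_TLS"), "SDK_MIN_TLS")
        ?.let { return Resolved(it, "SDK_MIN_TLS environment variable") }
    return Resolved(null, "no setting found")
}

// Fail closed: refuse to start when the floor is not provably met.
fun requireFloor(resolved: Resolved, floor: MinTls = MinTls.TLS_1_2): Resolved {
    val v = resolved.version
    check(v != null && v >= floor) {
        "Minimum TLS is ${v ?: "unset"} (from ${resolved.source}); required $floor or newer"
    }
    return resolved
}

fun main() {
    // Constructed inputs: the environment asks for TLS 1.2, but a stale JVM flag
    // takes precedence and lowers the floor, which is the case the guard catches.
    val props = mapOf("sdk.minTls" to "TLS_1_0")
    val env = mapOf("SDK_MIN_TLS" to "TLS_1_2")
    val resolved = resolveMinTls(explicit = null, sysProp = { props[it] }, env = { env[it] })
    println("effective: ${resolved.version} via ${resolved.source}")
    runCatching { requireFloor(resolved) }.onFailure { println("refusing to start: ${it.message}") }
    // An explicit engine setting outranks both launch-time settings.
    println(requireFloor(resolveMinTls(MinTls.TLS_1_3, { props[it] }, { env[it] })))
}
```

Logging the source alongside the version makes it clear which layer to fix when the check fails.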