diff --git a/modules/howtos/pages/managing-connections.adoc b/modules/howtos/pages/managing-connections.adoc index d59e1d23..80bbf88b 100644 --- a/modules/howtos/pages/managing-connections.adoc +++ b/modules/howtos/pages/managing-connections.adoc @@ -238,6 +238,34 @@ E.....@.@.............+....Z.'yZ..#........ ==== +=== Choosing your Cipher Suite + +If you are on a version of TLS that allows a cipher suite weaker than your latest security policies allow, +you can specify which ciphers to use with +link:++https://docs.couchbase.com/sdk-api/couchbase-core-io/com/couchbase/client/core/env/SecurityConfig.Builder.html#ciphers(java.util.List++[`SecurityConfig.Builder (ciphers(List`]. + +For example: + +[source,java] +---- +Cluster cluster = Cluster.connect( connectionString, ClusterOptions.clusterOptions(username, password) .environment(env -> env .securityConfig(it -> it.ciphers(List.of( "MY_CIPHER", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_DHE_RSA_WITH_DES_CBC_SHA", + "TLS_RSA_WITH_DES_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "TLS_RSA_WITH_RC4_128_SHA", + "TLS_RSA_WITH_RC4_128_MD5"))) ) ); +---- + +To check which ciphers are available on a self-managed Couchbase Server installation, run: +[source.console] +---- +/opt/couchbase/bin/couchbase-cli setting-security -c localhost -u Administrator -p password –get +---- + + == Quarkus Java Extension Our xref:quarkus-extension:ROOT:overview.adoc[Couchbase Quarkus Java Extension docs] cover installing and connecting with the Quarkus extension in detail, @@ -252,7 +280,6 @@ quarkus.couchbase.password=password ---- - == Cloud Native Gateway Couchbase's next generation connection protocol, introduced in Java SDK 3.5 and xref:operator::concept-cloud-native-gateway.adoc[Couchbase Autonomous Operator 2.6.1], can be enabled simply by changing the connection string to `couchbase2://` but there are a few differences to be aware of, described <<#limitations,below>>.