From c655fae33260ea70a56dd8718ca7f8536a415675 Mon Sep 17 00:00:00 2001 From: Richard Smedley Date: Thu, 8 Jan 2026 11:21:19 +0000 Subject: [PATCH] Choose your own Cipher Suite Adventure! DOC-12599 Searching down the back of the sofa for the remote control, I found the long forgotten https://jira.issues.couchbase.com/browse/DOC-12599 Here it is re-presented, for 3.10, with @dnault 's comments incorporated. --- .../howtos/pages/managing-connections.adoc | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/modules/howtos/pages/managing-connections.adoc b/modules/howtos/pages/managing-connections.adoc index 0be4e522..dfe78854 100644 --- a/modules/howtos/pages/managing-connections.adoc +++ b/modules/howtos/pages/managing-connections.adoc @@ -237,6 +237,35 @@ E.....@.@.............+....Z.'yZ..#........ ==== +=== Choosing your Cipher Suite + +If your organization's security policy requires using specific TLS cipher suites, +you can specify which ciphers to use with +link:++https://docs.couchbase.com/sdk-api/couchbase-core-io/com/couchbase/client/core/env/SecurityConfig.Builder.html#ciphers(java.util.List)++[the `security.ciphers` client setting]. + +For example: + +[source,java] +---- +Cluster cluster = Cluster.connect( + connectionString, + ClusterOptions.clusterOptions(username, password) + .environment(env -> env + .securityConfig(sec -> sec + .ciphers(List.of( + // TLS 1.3 cipher suites supported by + // Java and Couchbase Server. + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384" + ))))); +---- + +To check which ciphers are available on a self-managed Couchbase Server installation, run: + +[source,console] +---- +/opt/couchbase/bin/couchbase-cli setting-security -c localhost -u Administrator -p password --get +---- == Quarkus Java Extension
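Review bot: The new "Choosing your Cipher Suite" section never says that the list passed to `.ciphers(List.of(...))` has to overlap with what the server accepts, and the example lists only the two TLS 1.3 suites named in its comment. A reader who copies it against a server that does not offer either suite gets a failed TLS handshake with no hint from this page as to why. Consider adding a sentence after the Java block stating that at least one listed suite must also be enabled on the server, and that the names are the Java cipher suite names shown in the example. In the `couchbase-cli setting-security ... --get` step, the text says it shows "which ciphers are available" but does not say which part of the output to read; naming that field would make the check usable. The same command passes `-p password` as an argument, so it may be worth a short remark that these are placeholder credentials.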