feat: cipher (#73)

src/main/java/app/coronawarn/verification/portal/VerificationPortalApplication.java

@@ -21,9 +21,14 @@
 
 package app.coronawarn.verification.portal;
 
+import org.apache.coyote.http11.AbstractHttp11Protocol;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.server.WebServerFactoryCustomizer;
 import org.springframework.cloud.openfeign.EnableFeignClients;
+import org.springframework.context.annotation.Bean;
 
 /**
  * The Spring Boot application class.
@@ -35,4 +40,20 @@ public class VerificationPortalApplication {
   public static void main(String[] args) {
     SpringApplication.run(VerificationPortalApplication.class, args);
   }
+
+  /**
+   * Enable the cipher suites from server to be preferred.
+   *
+   * @return the WebServerFactoryCustomizer with cipher suites configuration
+   */
+  @Bean
+  @ConditionalOnProperty(value = "server.ssl.cipher.suites.order", havingValue = "true")
+  public WebServerFactoryCustomizer<TomcatServletWebServerFactory> webServerFactoryCustomizer() {
+    return (factory) -> factory
+      .addConnectorCustomizers((connector) -> {
+        ((AbstractHttp11Protocol<?>) connector.getProtocolHandler())
+          .setUseServerCipherSuitesOrder(true);
+      });
+  }
+
 }