From 39ed20b474205faacf89d550f91efaab33e7d65e Mon Sep 17 00:00:00 2001
From: Lee JiWon <dlwldnjs1009@gmail.com>
Date: Fri, 29 May 2026 21:49:28 +0900
Subject: [PATCH 1/2] Treat empty SSL bundle as unset

Update the Cassandra, Redis, and MongoDB SSL configuration so that an
empty `bundle` property is treated as unset rather than enabling SSL.

See gh-50624

Signed-off-by: Lee JiWon <dlwldnjs1009@gmail.com>
---
 .../boot/autoconfigure/cassandra/CassandraProperties.java  | 3 ++-
 .../boot/autoconfigure/data/redis/RedisProperties.java     | 3 ++-
 .../boot/autoconfigure/mongo/MongoProperties.java          | 3 ++-
 .../autoconfigure/cassandra/CassandraPropertiesTests.java  | 7 +++++++
 .../autoconfigure/data/redis/RedisPropertiesTests.java     | 7 +++++++
 .../boot/autoconfigure/mongo/MongoPropertiesTests.java     | 7 +++++++
 6 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/cassandra/CassandraProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/cassandra/CassandraProperties.java
index f461d6d63dbf..8a2af94065cc 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/cassandra/CassandraProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/cassandra/CassandraProperties.java
@@ -23,6 +23,7 @@
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.core.io.Resource;
+import org.springframework.util.StringUtils;
 
 /**
  * Configuration properties for Cassandra.
@@ -236,7 +237,7 @@ public static class Ssl {
 		private String bundle;
 
 		public boolean isEnabled() {
-			return (this.enabled != null) ? this.enabled : this.bundle != null;
+			return (this.enabled != null) ? this.enabled : StringUtils.hasText(this.bundle);
 		}
 
 		public void setEnabled(boolean enabled) {
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/data/redis/RedisProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/data/redis/RedisProperties.java
index f9738ea940e9..8533b8e520b9 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/data/redis/RedisProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/data/redis/RedisProperties.java
@@ -20,6 +20,7 @@
 import java.util.List;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.util.StringUtils;
 
 /**
  * Configuration properties for Redis.
@@ -425,7 +426,7 @@ public static class Ssl {
 		private String bundle;
 
 		public boolean isEnabled() {
-			return (this.enabled != null) ? this.enabled : this.bundle != null;
+			return (this.enabled != null) ? this.enabled : StringUtils.hasText(this.bundle);
 		}
 
 		public void setEnabled(boolean enabled) {
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mongo/MongoProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mongo/MongoProperties.java
index d5e6455f9b7e..756d79f418b6 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mongo/MongoProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mongo/MongoProperties.java
@@ -22,6 +22,7 @@
 import org.bson.UuidRepresentation;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.util.StringUtils;
 
 /**
  * Configuration properties for Mongo.
@@ -289,7 +290,7 @@ public static class Ssl {
 		private String bundle;
 
 		public boolean isEnabled() {
-			return (this.enabled != null) ? this.enabled : this.bundle != null;
+			return (this.enabled != null) ? this.enabled : StringUtils.hasText(this.bundle);
 		}
 
 		public void setEnabled(boolean enabled) {
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/cassandra/CassandraPropertiesTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/cassandra/CassandraPropertiesTests.java
index 05f583d17682..c8af870bd65d 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/cassandra/CassandraPropertiesTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/cassandra/CassandraPropertiesTests.java
@@ -58,4 +58,11 @@ void defaultValuesInManualMetadataAreConsistent() {
 		assertThat(driverDefaults.get(TypedDriverOption.HEARTBEAT_TIMEOUT)).isEqualTo(Duration.ofSeconds(5));
 	}
 
+	@Test
+	void sslIsNotEnabledWhenBundleIsEmpty() {
+		CassandraProperties properties = new CassandraProperties();
+		properties.getSsl().setBundle("");
+		assertThat(properties.getSsl().isEnabled()).isFalse();
+	}
+
 }
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/data/redis/RedisPropertiesTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/data/redis/RedisPropertiesTests.java
index 9fe49f174eec..17e0164ebf76 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/data/redis/RedisPropertiesTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/data/redis/RedisPropertiesTests.java
@@ -39,4 +39,11 @@ void lettuceDefaultsAreConsistent() {
 			.isEqualTo(defaultClusterTopologyRefreshOptions.useDynamicRefreshSources());
 	}
 
+	@Test
+	void sslIsNotEnabledWhenBundleIsEmpty() {
+		RedisProperties properties = new RedisProperties();
+		properties.getSsl().setBundle("");
+		assertThat(properties.getSsl().isEnabled()).isFalse();
+	}
+
 }
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mongo/MongoPropertiesTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mongo/MongoPropertiesTests.java
index 3a9cf251cf38..ba24ebd1a9e3 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mongo/MongoPropertiesTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mongo/MongoPropertiesTests.java
@@ -37,6 +37,13 @@ void defaultUuidRepresentationIsAlignedWithSpringData() {
 		assertThat(springBootDefault).isEqualTo(springDataDefault);
 	}
 
+	@Test
+	void sslIsNotEnabledWhenBundleIsEmpty() {
+		MongoProperties properties = new MongoProperties();
+		properties.getSsl().setBundle("");
+		assertThat(properties.getSsl().isEnabled()).isFalse();
+	}
+
 	private UuidRepresentation springDataDefaultUuidRepresentation() {
 		return new MongoConfigurationSupport() {
 

From 88a7a44bafca87fe17e5381b146b2dc90a190a50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Nicoll?= <stephane.nicoll@broadcom.com>
Date: Sat, 30 May 2026 16:11:36 +0200
Subject: [PATCH 2/2] Polish "Treat empty SSL bundle as unset"

Update Mail SSL configuration as well.

See gh-50624
---
 .../mail/MailSenderPropertiesConfiguration.java   |  2 +-
 .../mail/MailSenderAutoConfigurationTests.java    | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailSenderPropertiesConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailSenderPropertiesConfiguration.java
index e872fe8332e6..8b91aaeb6d08 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailSenderPropertiesConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mail/MailSenderPropertiesConfiguration.java
@@ -69,7 +69,7 @@ private void applyProperties(MailProperties properties, JavaMailSenderImpl sende
 		if (ssl.isEnabled()) {
 			javaMailProperties.setProperty("mail." + protocol + ".ssl.enable", "true");
 		}
-		if (ssl.getBundle() != null) {
+		if (StringUtils.hasLength(ssl.getBundle())) {
 			SslBundle sslBundle = sslBundles.getBundle(ssl.getBundle());
 			javaMailProperties.put("mail." + protocol + ".ssl.socketFactory",
 					sslBundle.createSslContext().getSocketFactory());
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mail/MailSenderAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mail/MailSenderAutoConfigurationTests.java
index b2ae3f3647b6..04975e8f230f 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mail/MailSenderAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mail/MailSenderAutoConfigurationTests.java
@@ -245,6 +245,21 @@ void connectionOnStartupNotCalled() {
 			});
 	}
 
+	@Test
+	@WithPackageResources("test.jks")
+	void sslIsNotEnabledWhenBundleIsEmpty() {
+		this.contextRunner
+			.withPropertyValues("spring.mail.host:localhost", "spring.mail.ssl.bundle: ",
+					"spring.ssl.bundle.jks.test-bundle.keystore.location:classpath:test.jks",
+					"spring.ssl.bundle.jks.test-bundle.keystore.password:secret",
+					"spring.ssl.bundle.jks.test-bundle.key.password:password")
+			.run((context) -> {
+				assertThat(context).hasSingleBean(JavaMailSenderImpl.class);
+				JavaMailSenderImpl mailSender = context.getBean(JavaMailSenderImpl.class);
+				assertThat(mailSender.getJavaMailProperties().get("mail.smtp.ssl.socketFactory")).isNull();
+			});
+	}
+
 	@Test
 	void smtpSslEnabled() {
 		this.contextRunner.withPropertyValues("spring.mail.host:localhost", "spring.mail.ssl.enabled:true")