Update netty dependency to 4.1.32 (#1160)

Also:
* explicitely set endpoint identification algorithm in strict mode
* force TLS protocols 1.2/1.3 in strict mode

Co-Authored-By: Bastien Teinturier <[email protected]>

eclair-core/pom.xml

@@ -147,7 +147,7 @@
         <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-all</artifactId>
-            <version>4.1.32.Final</version>
+            <version>4.1.42.Final</version>
         </dependency>
         <!-- BITCOIN -->
         <dependency>

eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala

@@ -67,7 +67,12 @@ class ElectrumClient(serverAddress: InetSocketAddress, ssl: SSL)(implicit val ec
         case SSL.OFF => ()
         case SSL.STRICT =>
           val sslCtx = SslContextBuilder.forClient.build
-          ch.pipeline.addLast(sslCtx.newHandler(ch.alloc(), serverAddress.getHostName, serverAddress.getPort))
+          val handler = sslCtx.newHandler(ch.alloc(), serverAddress.getHostName, serverAddress.getPort)
+          val sslParameters = handler.engine().getSSLParameters
+          sslParameters.setEndpointIdentificationAlgorithm("HTTPS")
+          handler.engine().setSSLParameters(sslParameters)
+          handler.engine().setEnabledProtocols(Array[String]("TLSv1.2", "TLSv1.3"))
+          ch.pipeline.addLast(handler)
         case SSL.LOOSE =>
           // INSECURE VERSION THAT DOESN'T CHECK CERTIFICATE
           val sslCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build()