hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSLcontext setting question
Date Mon, 14 Mar 2011 09:42:50 GMT
On Sun, 2011-03-13 at 15:21 -0700, Mark Aronszajn wrote:
> I'm using HttpClient 3.1.
> 
> It appears that the use of an instance of AuthSSLProtocolSocketFactory in our code (when
setting a Host for an HttpClient instance) results in a choice of SSLcontext that does not
use a handshake compatible with a server requiring SSLv3 or TLSv1 or above. Apparently, the
handshake is extended as SSLv2. I see from the AuthSSLProtocolSocketFactory code that in the
createSSLContext method, SSLContext is hard-coded as "SSL".
> 
> I've seen some email threads in this httpclient-users list that seems to suggest that
we should be using a custom SocketFactory.
> 
> I'm hoping to get some guidance... Currently I've simply copied the AuthSSLProtocolSocketFactory
class, given it a new name and changed code so that a String value can be passed in as parameter
to the constructor that will designate an Algorithm Name other than the one, "SSL", that is
hard-coded in AuthSSLProtocolSocketFactory's private createSSLContext method. I don't see
with any confidence a better way to handle this. (Actually not quite sure this does the trick
because we haven't got a test platform set up yet that demands SSLv3 or TSLv1 or above).
> 
> One post from back in 2008 suggested overriding the createSocket method instead, but
it only mentions overriding one of the 4 public createSocket methods, and I'm not sure whether
that's sufficient or the writer just left omitted mentioning how to override the other 3 methods.
> 
> Anyone have advice, or some good examples of code that addresses this issue?
> 

HttpClient 3.1 is EOL and is no longer maintained. If you are not
willing / able to upgrade to HC 4.1, coping and tweaking
AuthSSLProtocolSocketFactory is the way to go.

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message