hc-httpclient-users mailing list archives

From Mark Aronszajn <mark.aronsz...@openmarket.com>
Subject RE: SSLcontext setting question
Date Mon, 14 Mar 2011 15:22:03 GMT
Thanks for the reply, Oleg.

If we upgrade to 4.1, is there a counterpart to AuthSSLSocketFactory that provides a default
SSLContext of SSLv3 or TLSv1?

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sent: Monday, March 14, 2011 2:43 AM
To: HttpClient User Discussion
Subject: Re: SSLcontext setting question

On Sun, 2011-03-13 at 15:21 -0700, Mark Aronszajn wrote:
> I'm using HttpClient 3.1.
> 
> It appears that the use of an instance of AuthSSLProtocolSocketFactory in our code (when
> setting a Host for an HttpClient instance) results in a choice of SSLcontext that does not
> use a handshake compatible with a server requiring SSLv3 or TLSv1 or above. Apparently, the
> handshake is extended as SSLv2. I see from the AuthSSLProtocolSocketFactory code that in the
> createSSLContext method, SSLContext is hard-coded as "SSL".
> 
> I've seen some email threads in this httpclient-users list that seem to suggest that
> we should be using a custom SocketFactory.
> 
> I'm hoping to get some guidance... Currently I've simply copied the AuthSSLProtocolSocketFactory
> class, given it a new name and changed code so that a String value can be passed in as parameter
> to the constructor that will designate an Algorithm Name other than the one, "SSL", that is
> hard-coded in AuthSSLProtocolSocketFactory's private createSSLContext method. I don't see
> with any confidence a better way to handle this. (Actually not quite sure this does the trick
> because we haven't got a test platform set up yet that demands SSLv3 or TLSv1 or above).
> 
> One post from back in 2008 suggested overriding the createSocket method instead, but
> it only mentions overriding one of the 4 public createSocket methods, and I'm not sure whether
> that's sufficient or the writer just omitted mentioning how to override the other 3 methods.
> 
> Anyone have advice, or some good examples of code that addresses this issue?
> 

HttpClient 3.1 is EOL and is no longer maintained. If you are not
willing / able to upgrade to HC 4.1, copying and tweaking
AuthSSLProtocolSocketFactory is the way to go.

Oleg


