hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Fwd: Re: Re: Re: Setup DH parameters for cipher suite 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'.
Date Mon, 05 Oct 2015 12:29:26 GMT
On Sun, 2015-10-04 at 11:14 +0000, 이계영 wrote:
> 
> For clarity, is there a simple way like setting keystore?
> Or Should I implement the whole process of key agreement for DHE_RSA in CustomSSLSocketFactory?
> 

Yes, you should


> If I use the latest version, could you share more detail source?

http://hc.apache.org/httpcomponents-core-4.4.x/httpcore/xref/org/apache/http/ssl/SSLContextBuilder.html

Oleg

> Because I generate key using KeyPaireGenerator class, I get private key and public key.

> I don't know how to use loadTrustMaterial function with private key and public key. 
>
> In advance, thanks.
> 
> 
> ------- Original Message -------
> Sender : 이계영<gyeyoung.lee@samsung.com>  S5(책임)/책임/IoT Vertical Solution
Lab(DMC연)/삼성전자
> Date   : 2015-10-01 18:08 (GMT+09:00)
> Title  : Re: Re: Re: Setup DH parameters for cipher suite 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'.
> 
> 
> I did make CustomSSLSocketFactory and keyStore and TrustkeyStore in it. 
> But I can't implement DH key agreement. 
> I am trying hard to find the below method as you said, but failed to look for method
like it.
> Please tell me the way to develop with HC 4.2   
> 
> * SSContexts is not supported in HC 4.2 
> sslcontext = SSLContexts.custom()
>                     .loadKeyMaterial(url, "secret".toCharArray(), "secret".toCharArray())
>                     .build();
> 
> Thanks,
> Gary
> 
> ------- Original Message -------
> Sender : Oleg Kalnichevski<olegk@apache.org> 
> Date   : 2015-09-17 18:54 (GMT+09:00)
> Title  : Re: Re: Setup DH parameters for cipher suite
>  'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'.
> 
> On Thu, 2015-09-17 at 08:24 +0000, 이계영 wrote:
> > 
> > Thanks for your reply.
> > 
> > But it is a big job to upgrade httpclient and httpcore.
> > 
> > Maybe is it a way with 4.2.5 ? 
> > 
> 
> It can be done with any version of HttpClient. With HC 4.2 you will have
> to build a custom SSLSocketFactory to do the same.
> 
> Oleg
> 
> > Thanks,
> > Gary
> > 
> > On Wed, 2015-09-16 at 14:50 +0000, 이계영 wrote:
> > > 
> > > Hello Good Listener.
> > > 
> > > I am tring to setup DH parameters with a key length of 2048 bits for using
cipher suite 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'. 
> > > 
> > > I saw the way to use openssl like below. But I cannot find the way with httpclient
and httpcore. 
> > > 
> > > My version of httpclient and httpcore is 4.2.5.
> > > 
> > > openssl site : http://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tmp_dh_callback.html
> > > 
> > > Thanks,
> > > Gary
> > > 
> > 
> > Can you upgrade to HttpClient 4.5.1?
> > 
> > It is just easier with newer versions of HttpClient
> > 
> > http://hc.apache.org/httpcomponents-client-4.5.x/httpclient/examples/org/apache/http/examples/client/ClientCustomSSL.java
> > 
> > Oleg
> 
> <p>&nbsp;</p>===================================================
> Lee, Gyeyoung
> 
> Smart Home Solution Lab 
> SAMSUNG ELECTRONICS Co., Ltd.
>                     
> Mobile : +82-10-5588-2137 
> E-mail : gyeyoung.lee@samsung.com
> ===================================================<p>&nbsp;</p>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message