hc-httpclient-users mailing list archives

From "Dave Westerman" <dlwes...@us.ibm.com>
Subject Having Trouble Getting HttpClient Working with TLSv1.2
Date Fri, 22 Apr 2016 20:04:12 GMT
We are using Apache HttpClient to connect to an external REST service. We've been using version
4.3.5, but we also tried it with 4.5.2, and the results have been the same. The backend service
changed to force the use of TLSv1.2, which causes our code to fail because of the protocol
version. So we tried to make changes to use that, but no matter what we try, we're still getting
the error. Here is our latest iteration of the code:  
    SSLContext sslContext = SSLContexts.custom().useProtocol("TLSv1.2").build();
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext,
        new String[] { "TLSv1.2" },
        new String[] { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },
    HttpClientBuilder httpClientBuilder = HttpClientBuilder.create().setDefaultRequestConfig(requestConfig)
    handleAuthentication(uri, httpClientBuilder);
    httpClient = httpClientBuilder.build();
I am also setting the following JVM options:  
JVM_ARGS=-Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.debug=all
But we are still getting the error:  
    [4/21/16 17:27:37:123 EDT] 00000042 id=         bm.myw3.services.awf.sso.ejb.generator.SSOTokenGeneratorImpl I Exception :: javax.net.ssl.SSLException: Received fatal alert: protocol_version
    [4/21/16 17:27:37:124 EDT] 00000042 id=         com.ibm.myw3.services.awf.sso.ejb.SSOTokenManagerBean E SSOTokenGeneratorException :: {0}
    com.ibm.myw3.services.awf.sso.ejb.config.SSOTokenGeneratorException: Exception while executing http request for retrieving Token

I have a trace.log, which I can upload if anyone thinks it would be useful to see. But here
are various entries from the trace:  
    Default Executor-thread-25, WRITE: TLSv1.2 Handshake, length = 80
    Default Executor-thread-25, WRITE: TLSv1.2 Application Data, length = 256
    Default Executor-thread-25, READ: TLSv1.2 Application Data, length = 1552
    Finalizer thread, WRITE: TLSv1.2 Alert, length = 64

And then it goes on to try TLSv1. I'm not sure what to look for to determine why it's not
using TLSv1.2, but nothing is jumping out at me from the trace.
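
A diagnostic for the situation described in this message, added here as an example and not part of the original post or the HttpClient project: overriding `prepareSocket` on `SSLConnectionSocketFactory` shows whether the client actually routes connections through the configured factory, which protocols each socket offers, and what the handshake negotiates. It assumes HttpClient 4.5.x on Java 8; the class names `TlsFactoryProbe` and `LoggingSocketFactory` and the URL are placeholders.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

// Hypothetical class names; not taken from the original message.
public class TlsFactoryProbe {

    /** Socket factory that reports every TLS socket it prepares. */
    static class LoggingSocketFactory extends SSLConnectionSocketFactory {
        LoggingSocketFactory(SSLContext ctx) {
            // null cipher-suite list keeps the JVM defaults
            super(ctx, new String[] { "TLSv1.2" }, null,
                  SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        }

        @Override
        protected void prepareSocket(SSLSocket socket) throws IOException {
            // Runs after the protocol list is applied and before the handshake starts.
            System.out.println("offering:   " + Arrays.toString(socket.getEnabledProtocols()));
            socket.addHandshakeCompletedListener(event ->
                System.out.println("negotiated: " + event.getSession().getProtocol()
                    + " / " + event.getCipherSuite()));
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder URL; pass the real service endpoint as the first argument.
        String url = args.length > 0 ? args[0] : "https://service.example/";
        SSLContext ctx = SSLContexts.custom().useProtocol("TLSv1.2").build();

        // The factory only takes effect when it is registered on the builder and
        // no custom connection manager (setConnectionManager) overrides it.
        try (CloseableHttpClient client = HttpClients.custom()
                .setSSLSocketFactory(new LoggingSocketFactory(ctx))
                .build();
             CloseableHttpResponse response = client.execute(new HttpGet(url))) {
            System.out.println("status:     " + response.getStatusLine());
        }
    }
}
```

If a request fails with `protocol_version` and no `offering:` line was printed for it, that connection was not created by this factory.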
