hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "KARR, DAVID" <dk0...@att.com>
Subject RE: How to use TLSv1.2 with httpclient 4.1.2 (httpcore 4.1.3)
Date Sat, 11 Feb 2017 04:12:04 GMT
> -----Original Message-----
> From: KARR, DAVID
> Sent: Friday, February 10, 2017 8:03 PM
> To: HttpClient User Discussion <httpclient-users@hc.apache.org>
> Subject: RE: How to use TLSv1.2 with httpclient 4.1.2 (httpcore 4.1.3)
> 
> > -----Original Message-----
> > From: Bhowmik, Bindul [mailto:bindulbhowmik@gmail.com]
> > Sent: Friday, February 10, 2017 3:12 PM
> > To: HttpClient User Discussion <httpclient-users@hc.apache.org>
> > Subject: Re: How to use TLSv1.2 with httpclient 4.1.2 (httpcore 4.1.3)
> >
> > On Fri, Feb 10, 2017 at 3:30 PM, KARR, DAVID <dk068x@att.com> wrote:
> > > I've been asked to look at some old code using httpclient-4.1.2 and
> > httpcore-4.1.3, which connects to internal sites using TLSv1.0.  We
> > now need to force it to use TLSv1.2.  Several other devs have tried to
> > get this to work, and they've all given up, for now.  I've seen many
> > StackOverflow postings, and in other places, that talk about the
> > various ways to resolve this.
> > >
> > > Could someone give me a succinct summary of what I need to do to
> > > make
> > this work?
> > >
> > > If part of the answer means that I'll need to upgrade to a newer
> > version of httpclient, I'm ok with that, but only if it's really
> > necessary.  Upgrading that may result in other impacts which I'd like
> > to minimize.
> >
> > You might want to look at this thread [1] discussing a similar query.
> > However, the SSLConnectionSocketFactory [2] used that example was
> > introduced in client version 4.3 from the class documentation.
> >
> > Another option would be to disable TLS v1.0 in the JRE itself [3].
> >
> > - Bindul
> >
> > [1]
> > https://lists.apache.org/thread.html/3e869bd14dea55febc4a8a03bc1d2663e
> > 68
> > 371c37b69fb581a58d8d7@1436119445@%3Chttpclient-users.hc.apache.org%3E
> > [2]
> > http://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.5
> > .x
> > /httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocket
> > Fa
> > ctory.java
> > [3] https://www.java.com/en/configure_crypto.html#enableTLSv1_2
> 
> The curious thing about the info on this last page is that when I search
> for JDK 1.7 on the Oracle JDK downloads page, the newest version
> available is 1.7.0_80, but this page talks about a property being
> introduced in 1.7.0_95.
> 

Ah.  I see.  Those versions require an Oracle Support account.
Mime
View raw message