SSLv3 is disabled in Apache HttpClient since version 4.3.6, but I'm using version 4.5. The developers wrote:
Those users who wish to continue using SSLv3 need to explicitly enable support for it.
I tried to set the supported protocols on the JVM level, but it didn't work. The example is in Scala, but that is not relevant for the problem:
System.setProperty("https.protocols", "SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2")
My second try was this:
val instance: CloseableHttpClient = {
val trustStrategy = new TrustStrategy {
override def isTrusted(x509Certificates: Array[X509Certificate], s: String) = true
}
val sslContext = new SSLContextBuilder().loadTrustMaterial(null, trustStrategy).build()
val sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE)
val socketFactoryRegistry =
RegistryBuilder.create[ConnectionSocketFactory]()
.register("http", PlainConnectionSocketFactory.getSocketFactory)
.register("https", sslSocketFactory)
.build()
val connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry)
HttpClients.custom()
.disableRedirectHandling()
.setSSLContext(sslContext)
.setConnectionManager(connectionManager)
.build()
}
But it didn't work either.
How can I connect to hosts supporting SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2 with Apache HttpClient 4.5?
To resolve the issue, do one of the following: Configure SSLContext with a TrustManager that accepts any certificate (see below). Configure SSLContext with an appropriate trust store that includes your certificate. Add the certificate for that site to the default Java trust store.
From Apache HTTP Client API version 4.3 on wards, DefaultHttpClient is deprecated.
HttpClient is fully thread-safe when used with a thread-safe connection manager such as MultiThreadedHttpConnectionManager.
HttpClient does not take system properties into account by default. One either needs to instruct HttpClient builder to do so
CloseableHttpClient client = HttpClients.createSystem();
or manually configure connection socket factory with custom protocol settings
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLContext.getDefault(),
new String[] { "SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", socketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
EDIT
This code snippet works just fine with the site mentioned in a comment
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLContext.getDefault(),
new String[] {"TLSv1"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", socketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://www.ethz.ch/de.html"))) {
System.out.println(response.getStatusLine());
System.out.println(EntityUtils.toString(response.getEntity()));
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With