Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to enforce TLS1.2 to Rest client using Rest Template

I am consuming json webservice using Spring3.0 restTemplate by calling post method.

        MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
        headers.add("Content-Type", MediaType.APPLICATION_JSON_VALUE);      
        HttpEntity<Object> entity = new HttpEntity<Object>(requestAsString, headers);
        postForObject = restTemplate.postForObject(url, entity, responseClass );

Our application is deployed in WAS server and trying to connect producer by creating socket connection with TLS1.0. However, now producer only supports TLS1.1 and TLS1.2.

How to enforce restTempate to use TLS1.1 or TLS 1.2.

Normally for apache httpclient code , create custom ProtocolSocketFactory and override createSocket method. However , in case of RestTemplate , how to achieve same.

like image 724
Panther Avatar asked Aug 26 '16 08:08

Panther


3 Answers

With Spring > 3.1:

import javax.net.ssl.SSLContext;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, null);

CloseableHttpClient httpClient = HttpClientBuilder.create().setSSLContext(context)
    .build();
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate(factory);
.....
like image 63
Michal Foksa Avatar answered Sep 21 '22 13:09

Michal Foksa


You can configure your RestTemplate to use a custom ClientHttpRequestFactory. In particular (since you're using Spring 3.0), there is a CommonsClientHttpRequestFactory. That will enable you to configure commons HTTP in detail, and your RestTemplate will use that for executing its requests.

Please note that the actual implementation classes have changed in later versions of Spring (and if you're still on 3.0 you really should consider updating). From 3.1 on the implementation class is called HttpComponentsClientHttpRequestFactory.

like image 45
marthursson Avatar answered Sep 20 '22 13:09

marthursson


@abhishekhp If your question is still up.

    RestTemplate restTemplate = new RestTemplate();
    DefaultHttpClient httpClient = new DefaultHttpClient();
    // We're going to try and load and enable TLS version 1.2 standard communication context from JSSE Providers
    // This is enabled only for download media Mirakl as some merchants don't accept communication with TLS versions prior to 1.1
    try {
        SSLContext context;
        context = SSLContext.getInstance("TLSv1.2");
        context.init(null, null, null);

        SSLSocketFactory ssf = new SSLSocketFactory(context);
        ClientConnectionManager ccm = httpClient.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
        sr.register(new Scheme("https", 443, ssf));

    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        LOGGER.warn("Could not load the TLS version 1.2 due to => ", e);
    }

    restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory(httpClient));
like image 32
Med Arrafi Avatar answered Sep 18 '22 13:09

Med Arrafi