Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set cipher suites with javax.net.ssl.SSLContext

Tags:

In a spring boot application using java8, I am setting the underlying SSLConext of an httpClient connection as follows:

 import javax.net.ssl.SSLContext;

  SSLContext sslContext =  SSLContext.getInstance("TLSv1.2");
  sslContext.init(null, null, null); 

  CloseableHttpClient httpClient = HttpClientBuilder
          .create()
          .setConnectionManager(myConnectionManager)
          .setDefaultRequestConfig(rqConfig)
          .setSSLContext(sslContext)
          .build();

I need to set the cipher suites for the underlying TLS1.2 secured connection to something stronger of my choice. I don't see a way to do this with the way I am creation the sslContext in my code.

Can someone help me set up the cipher suites with my sslContext ?

================UPDATE=================

 This is how I have now created my HttpClient

 CloseableHttpClient httpClient = HttpClientBuilder
          .create()
          .setConnectionManager(myConnectionManager)
          .setDefaultRequestConfig(rqConfig)
          .setSSLSocketFactory(new SSLConnectionSocketFactory(
                  SSLContexts.createSystemDefault(),
                  new String[]{"TLSv1.2"},
                  new String[] {"some-gibberish-cipher-suite"},
                  SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
          .build();
like image 586
Ray S Avatar asked Dec 28 '18 02:12

Ray S


1 Answers

Preferred TLS protocol versions and custom ciphers can be specified when creating a custom SSLConnectionSocketFactory instance

CloseableHttpClient client = HttpClients.custom()
    .setSSLSocketFactory(new SSLConnectionSocketFactory(
            SSLContexts.createSystemDefault(),
            new String[]{"TLSv1.2"},
            new String[] {"TLS_RSA_WITH_AES_256_CBC_SHA256"},
            SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
    .build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://httpbin.org/"))) {
    System.out.println(response.getStatusLine());
    HttpEntity entity = response.getEntity();
    EntityUtils.consume(entity);
}

Alternatively, one can create a custom PoolingHttpClientConnectionManager instance with the desired SSL configuration.

PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", new SSLConnectionSocketFactory(
                SSLContexts.createSystemDefault(),
                new String[]{"TLSv1.2"},
                new String[]{"TLS_RSA_WITH_AES_256_CBC_SHA256"},
                SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
        .build());

CloseableHttpClient client = HttpClients.custom()
    .setConnectionManager(cm)
    .build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://httpbin.org/"))) {
    System.out.println(response.getStatusLine());
    HttpEntity entity = response.getEntity();
    EntityUtils.consume(entity);
}
like image 164
ok2c Avatar answered Sep 29 '22 00:09

ok2c