[jira] [Commented] (HTTPCLIENT-1967) HttpClient does not appears to support TLSv1.3 well

Fri, 25 Jan 2019 11:47:01 -0800 


    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16752612#comment-16752612
 ] 

Oleg Kalnichevski commented on HTTPCLIENT-1967:
-----------------------------------------------

HttpClient uses the JSSE provider supplied at the construction time to 
implement TLS transport security. It does not have any custom TLS code (other 
than hostname verification routine). If TLSv1.3 does not work for you it is a 
JRE issue and not that of HttpClient.

1. Please specify the exact version of the JRE you are using

2. Please provide the exact exception stack trace

Oleg   

   

> HttpClient does not appears to support TLSv1.3 well
> ---------------------------------------------------
>
>                 Key: HTTPCLIENT-1967
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1967
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (Windows)
>    Affects Versions: 4.5.3, 4.5.6
>         Environment: Windows
>            Reporter: FUMIN
>            Priority: Major
>         Attachments: TestHttpClient.java
>
>
> # Set up a clean Apache Tomcat server, in my case I downloaded 8.5.37.
>  # Setup and change the server.xml to setup HTTPS/TLS 1.3 connector, I have 
> this section:
>     <Connector port="8443" protocol="HTTP/1.1" scheme="https" secure="true"
>                 maxThreads="150" SSLEnabled="true" >
>          <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>          <SSLHostConfig ciphers="TLS_AES_256_GCM_SHA384" protocols="TLSv1.3" 
> sslProtocol="TLS">
>              <Certificate certificateKeystoreFile="conf/.keystore" 
> certificateKeystoreType="jks"/>
>          </SSLHostConfig>
>      </Connector>
> 3. Connect from Chrome or Firefox, able to verify browser can connect to the 
> server with TLSv1.3 cipher suites.
> 4. Use a test program, such as the attached.  Update the URL to point to the 
> TLS1.3 supported server. Run the program, Notice the behavior.
> (Note, I am using java 11 for both the server and the client where TLSv1.3 is 
> supported)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

Reply via email to