Thanks for the reply, Oleg. If we upgrade to 4.1, is there a counterpart to AuthSSLSocketFactory that provides a default SSLContext of SSLv3 or TLSv1?
-----Original Message-----
From: Oleg Kalnichevski [mailto:[email protected]]
Sent: Monday, March 14, 2011 2:43 AM
To: HttpClient User Discussion
Subject: Re: SSLcontext setting question

On Sun, 2011-03-13 at 15:21 -0700, Mark Aronszajn wrote:
> I'm using HttpClient 3.1.
>
> It appears that the use of an instance of AuthSSLProtocolSocketFactory in our
> code (when setting a Host for an HttpClient instance) results in a choice of
> SSLcontext that does not use a handshake compatible with a server requiring
> SSLv3 or TLSv1 or above. Apparently, the handshake is extended as SSLv2. I
> see from the AuthSSLProtocolSocketFactory code that in the createSSLContext
> method, SSLContext is hard-coded as "SSL".
>
> I've seen some email threads in this httpclient-users list that seem to
> suggest that we should be using a custom SocketFactory.
>
> I'm hoping to get some guidance... Currently I've simply copied the
> AuthSSLProtocolSocketFactory class, given it a new name and changed code so
> that a String value can be passed in as parameter to the constructor that
> will designate an Algorithm Name other than the one, "SSL", that is
> hard-coded in AuthSSLProtocolSocketFactory's private createSSLContext method.
> I don't see with any confidence a better way to handle this. (Actually not
> quite sure this does the trick because we haven't got a test platform set up
> yet that demands SSLv3 or TLSv1 or above).
>
> One post from back in 2008 suggested overriding the createSocket method
> instead, but it only mentions overriding one of the 4 public createSocket
> methods, and I'm not sure whether that's sufficient or the writer just
> omitted mentioning how to override the other 3 methods.
>
> Anyone have advice, or some good examples of code that addresses this issue?
>

HttpClient 3.1 is EOL and is no longer maintained. If you are not willing / able to upgrade to HC 4.1, copying and tweaking AuthSSLProtocolSocketFactory is the way to go.

Oleg
