On Mon, 2011-03-14 at 08:22 -0700, Mark Aronszajn wrote:
> Thanks for the reply, Oleg.
>
> If we upgrade to 4.1, is there a counterpart to AuthSSLSocketFactory that
> provides a default SSLContext of SSLv3 or TLSv1?
>

AuthSSLSocketFactory code simply got folded into the standard
SSLSocketFactory

http://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.1.x/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java

Oleg

> -----Original Message-----
> From: Oleg Kalnichevski
> Sent: Monday, March 14, 2011 2:43 AM
> To: HttpClient User Discussion
> Subject: Re: SSLcontext setting question
>
> On Sun, 2011-03-13 at 15:21 -0700, Mark Aronszajn wrote:
> > I'm using HttpClient 3.1.
> >
> > It appears that the use of an instance of AuthSSLProtocolSocketFactory in
> > our code (when setting a Host for an HttpClient instance) results in a
> > choice of SSLContext that does not use a handshake compatible with a server
> > requiring SSLv3 or TLSv1 or above. Apparently, the handshake is extended as
> > SSLv2. I see from the AuthSSLProtocolSocketFactory code that in the
> > createSSLContext method, SSLContext is hard-coded as "SSL".
> >
> > I've seen some email threads in this httpclient-users list that seem to
> > suggest that we should be using a custom SocketFactory.
> >
> > I'm hoping to get some guidance... Currently I've simply copied the
> > AuthSSLProtocolSocketFactory class, given it a new name and changed code so
> > that a String value can be passed in as parameter to the constructor that
> > will designate an Algorithm Name other than the one, "SSL", that is
> > hard-coded in AuthSSLProtocolSocketFactory's private createSSLContext
> > method. I don't see with any confidence a better way to handle this.
> > (Actually not quite sure this does the trick because we haven't got a test
> > platform set up yet that demands SSLv3 or TLSv1 or above).
> >
> > One post from back in 2008 suggested overriding the createSocket method
> > instead, but it only mentions overriding one of the 4 public createSocket
> > methods, and I'm not sure whether that's sufficient or the writer just
> > omitted mentioning how to override the other 3 methods.
> >
> > Anyone have advice, or some good examples of code that addresses this issue?
> >
>
> HttpClient 3.1 is EOL and is no longer maintained. If you are not
> willing / able to upgrade to HC 4.1, copying and tweaking
> AuthSSLProtocolSocketFactory is the way to go.
>
> Oleg
