Hi, I'm using HttpClient v4.5 over a WebSphere 7 trying to connect to a TLSv1.2 endpoint.
HttpClient creation code snippet: HttpHost proxy = new HttpHost("XX.XX.XX.XX", 8080); DefaultProxyRoutePlanner routePlanner = new DefaultProxyRoutePlanner( proxy); SSLContext sslContext = SSLContexts.createDefault(); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory( sslContext, new String[] { "TLSv1.2" }, null, NoopHostnameVerifier.INSTANCE); CloseableHttpClient httpClient = HttpClients .custom() .setDefaultRequestConfig( RequestConfig.custom() .setConnectionRequestTimeout(connectionTimeout) .setConnectTimeout(connectionTimeout) .setSocketTimeout(requestTimeout) .setCookieSpec(CookieSpecs.IGNORE_COOKIES) .setRedirectsEnabled(false) // .setMaxRedirects(3) .build()) .setDefaultCredentialsProvider(getCredentialsProvider()) .setRoutePlanner(routePlanner).setSSLSocketFactory(sslsf) .setConnectionManager(getConnectionManager()).build(); HttpClient usage: proxyResponse = http*Client* .execute(getTargetHost(servletRequest), proxyRequest, connectionContext); But it fails, and in the logs I see that it's trying to use TLSv1. 17:42:30.401 [WebContainer : 9] DEBUG o.a.h.c.protocol.RequestAddCookies - CookieSpec selected: ignoreCookies 17:42:30.415 [WebContainer : 9] DEBUG o.a.h.c.protocol.RequestAuthCache - Auth cache not set in the context 17:42:30.417 [WebContainer : 9] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: [route: {tls}->http://10.0.2.137:8080->https://test.online.org.veraz.com.ar:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 20] 17:42:30.465 [WebContainer : 9] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {tls}->http://10.0.2.137:8080- >https://test.online.org.veraz.com.ar:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 20] 17:42:30.468 [WebContainer : 9] DEBUG o.a.h.impl.execchain.MainClientExec - Opening connection {tls}->http://10.0.2.137:8080-> https://test.online.org.veraz.com.ar:443 17:42:30.471 [WebContainer : 9] DEBUG o.a.h.i.c.DefaultHttpClientConnectionOperator - Connecting to / 10.0.2.137:8080 17:42:30.476 [WebContainer : 9] DEBUG o.a.h.i.c.DefaultHttpClientConnectionOperator - Connection established 10.7.232.42:48025<->10.0.2.137:8080 17:42:30.480 [WebContainer : 9] DEBUG org.apache.http.headers - http-outgoing-0 >> CONNECT test.online.org.veraz.com.ar:443 HTTP/1.1 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: test.online.org.veraz.com.ar 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5 (Java/1.6.0) 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 >> "CONNECT test.online.org.veraz.com.ar:443 HTTP/1.1[\r][\n]" 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: test.online.org.veraz.com.ar[\r][\n]" 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5 (Java/1.6.0)[\r][\n]" 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\r][\n]" 17:42:30.690 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 200 Connection established[\r][\n]" 17:42:30.690 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]" 17:42:30.696 [WebContainer : 9] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 Connection established 17:42:30.700 [WebContainer : 9] DEBUG o.a.h.impl.execchain.MainClientExec - Tunnel to target created. 17:42:30.702 [WebContainer : 9] DEBUG o.a.h.c.s.SSLConnectionSocketFactory - *Enabled protocols: [TLSv1]* 17:42:30.702 [WebContainer : 9] DEBUG o.a.h.c.s.SSLConnectionSocketFactory - Enabled cipher suites:[SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] 17:42:30.702 [WebContainer : 9] DEBUG o.a.h.c.s.SSLConnectionSocketFactory - Starting handshake 17:42:30.857 [WebContainer : 9] DEBUG o.a.h.i.c.DefaultManagedHttpClientConnection - http-outgoing-0: Shutdown connection 17:42:30.858 [WebContainer : 9] DEBUG o.a.h.impl.execchain.MainClientExec - Connection discarded 17:42:30.858 [WebContainer : 9] DEBUG o.a.h.i.c.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection 17:42:30.858 [WebContainer : 9] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {tls}->http://10.0.2.137:8080- >https://test.online.org.veraz.com.ar:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 20] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.ibm.jsse2.o.a(o.java:22) at com.ibm.jsse2.o.a(o.java:34) at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:378) at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:479) at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437) at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:142) at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:686) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:185) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:369) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:415) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at ar.com.bna.fu.proxy.proxy.ProxyServlet.service(ProxyServlet.java:358) What am I doing wrong? Thanks in advance, Jonathan.