On Wed, 2018-05-30 at 17:58 -0300, Jonathan Barbero wrote:
> Hi,
> 
>  I'm using HttpClient v4.5 over a WebSphere 7 trying to connect to a
> TLSv1.2 endpoint.
> 
> HttpClient creation code snippet:
> 
> HttpHost proxy = new HttpHost("XX.XX.XX.XX", 8080);
> DefaultProxyRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxy);
>
> SSLContext sslContext = SSLContexts.createDefault();
> SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
>         sslContext, new String[] { "TLSv1.2" }, null,
>         NoopHostnameVerifier.INSTANCE);
>
> CloseableHttpClient httpClient = HttpClients
>         .custom()
>         .setDefaultRequestConfig(
>                 RequestConfig.custom()
>                         .setConnectionRequestTimeout(connectionTimeout)
>                         .setConnectTimeout(connectionTimeout)
>                         .setSocketTimeout(requestTimeout)
>                         .setCookieSpec(CookieSpecs.IGNORE_COOKIES)
>                         .setRedirectsEnabled(false)
>                         // .setMaxRedirects(3)
>                         .build())
>         .setDefaultCredentialsProvider(getCredentialsProvider())
>         .setRoutePlanner(routePlanner).setSSLSocketFactory(sslsf)
>         .setConnectionManager(getConnectionManager()).build();
> 

Jonathan

The parameter set with #setSSLSocketFactory has no effect because it
gets overwritten by #setConnectionManager. Either configure the
connection manager to use the socket factory in question or let
HttpClientBuilder create a connection manager internally.

Oleg  


> HttpClient usage:
> 
> proxyResponse = httpClient.execute(getTargetHost(servletRequest),
>         proxyRequest, connectionContext);
> 
> 
> But it fails, and in the logs I see that it's trying to use TLSv1.
> 
> 
> 17:42:30.401 [WebContainer : 9]
> DEBUG  o.a.h.c.protocol.RequestAddCookies -
> CookieSpec selected: ignoreCookies
> 17:42:30.415 [WebContainer : 9]
> DEBUG  o.a.h.c.protocol.RequestAuthCache -
> Auth cache not set in the context
> 17:42:30.417 [WebContainer : 9] DEBUG
> o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request:
> [route: {tls}->http://10.0.2.137:8080->https://test.online.org.veraz.com.ar:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 20]
> 17:42:30.465 [WebContainer : 9] DEBUG
> o.a.h.i.c.PoolingHttpClientConnectionManager - Connection leased:
> [id: 0][route: {tls}->http://10.0.2.137:8080->https://test.online.org.veraz.com.ar:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 20]
> 17:42:30.468 [WebContainer : 9]
> DEBUG  o.a.h.impl.execchain.MainClientExec
> - Opening connection {tls}->http://10.0.2.137:8080->https://test.online.org.veraz.com.ar:443
> 17:42:30.471 [WebContainer : 9] DEBUG
> o.a.h.i.c.DefaultHttpClientConnectionOperator - Connecting to /
> 10.0.2.137:8080
> 17:42:30.476 [WebContainer : 9] DEBUG
> o.a.h.i.c.DefaultHttpClientConnectionOperator - Connection
> established
> 10.7.232.42:48025<->10.0.2.137:8080
> 17:42:30.480 [WebContainer : 9] DEBUG  org.apache.http.headers -
> http-outgoing-0 >> CONNECT test.online.org.veraz.com.ar:443 HTTP/1.1
> 17:42:30.481 [WebContainer : 9] DEBUG  org.apache.http.headers -
> http-outgoing-0 >> Host: test.online.org.veraz.com.ar
> 17:42:30.481 [WebContainer : 9] DEBUG  org.apache.http.headers -
> http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5 (Java/1.6.0)
> 17:42:30.481 [WebContainer : 9] DEBUG  org.apache.http.wire -
> http-outgoing-0 >> "CONNECT test.online.org.veraz.com.ar:443
> HTTP/1.1[\r][\n]"
> 17:42:30.481 [WebContainer : 9] DEBUG  org.apache.http.wire -
> http-outgoing-0 >> "Host: test.online.org.veraz.com.ar[\r][\n]"
> 17:42:30.481 [WebContainer : 9] DEBUG  org.apache.http.wire -
> http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5
> (Java/1.6.0)[\r][\n]"
> 17:42:30.481 [WebContainer : 9] DEBUG  org.apache.http.wire -
> http-outgoing-0 >> "[\r][\n]"
> 17:42:30.690 [WebContainer : 9] DEBUG  org.apache.http.wire -
> http-outgoing-0 << "HTTP/1.1 200 Connection established[\r][\n]"
> 17:42:30.690 [WebContainer : 9] DEBUG  org.apache.http.wire -
> http-outgoing-0 << "[\r][\n]"
> 17:42:30.696 [WebContainer : 9] DEBUG  org.apache.http.headers -
> http-outgoing-0 << HTTP/1.1 200 Connection established
> 17:42:30.700 [WebContainer : 9]
> DEBUG  o.a.h.impl.execchain.MainClientExec
> - Tunnel to target created.
> 17:42:30.702 [WebContainer : 9]
> DEBUG  o.a.h.c.s.SSLConnectionSocketFactory
> - *Enabled protocols: [TLSv1]*
> 17:42:30.702 [WebContainer : 9]
> DEBUG  o.a.h.c.s.SSLConnectionSocketFactory
> - Enabled cipher suites:[SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA,
> SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA,
> SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
> 17:42:30.702 [WebContainer : 9]
> DEBUG  o.a.h.c.s.SSLConnectionSocketFactory
> - Starting handshake
> 17:42:30.857 [WebContainer : 9] DEBUG
> o.a.h.i.c.DefaultManagedHttpClientConnection - http-outgoing-0:
> Shutdown
> connection
> 17:42:30.858 [WebContainer : 9]
> DEBUG  o.a.h.impl.execchain.MainClientExec
> - Connection discarded
> 17:42:30.858 [WebContainer : 9] DEBUG
> o.a.h.i.c.DefaultManagedHttpClientConnection - http-outgoing-0: Close
> connection
> 17:42:30.858 [WebContainer : 9] DEBUG
> o.a.h.i.c.PoolingHttpClientConnectionManager - Connection released:
> [id: 0][route: {tls}->http://10.0.2.137:8080->https://test.online.org.veraz.com.ar:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 20]
> 
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>         at com.ibm.jsse2.o.a(o.java:22)
>         at com.ibm.jsse2.o.a(o.java:34)
>         at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:378)
>         at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:479)
>         at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437)
>         at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:142)
>         at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:686)
>         at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
>         at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:185)
>         at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:369)
>         at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:415)
>         at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
>         at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
>         at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>         at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
>         at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
>         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71)
>         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>         at ar.com.bna.fu.proxy.proxy.ProxyServlet.service(ProxyServlet.java:358)
> 
> 
> What am I doing wrong?
> 
> Thanks in advance,
> Jonathan.
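
One way to apply the first option from the reply above, registering the TLSv1.2 socket factory with the connection manager itself (an added example, not code from the thread or from the HttpClient project). The class name `Tls12ClientFactory` is hypothetical; the example assumes HttpClient 4.5 with HttpCore 4.4, a JSSE provider that supports TLSv1.2, and it uses the library's default hostname verifier instead of the `NoopHostnameVerifier` shown in the question.

```java
import javax.net.ssl.SSLContext;

import org.apache.http.HttpHost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContexts;

// Hypothetical helper class, written without Java 7+ syntax because the
// log in the question shows Java/1.6.0.
public final class Tls12ClientFactory {

    private Tls12ClientFactory() {
    }

    public static CloseableHttpClient create(HttpHost proxy) {
        SSLContext sslContext = SSLContexts.createDefault();

        // Only TLSv1.2 is enabled; null keeps the provider's default cipher suites.
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext,
                new String[] { "TLSv1.2" },
                null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        // The connection manager looks up the socket factory by scheme, so the
        // TLS settings have to be registered here to take effect.
        Registry<ConnectionSocketFactory> registry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", sslsf)
                        .build();

        PoolingHttpClientConnectionManager connectionManager =
                new PoolingHttpClientConnectionManager(registry);

        // setSSLSocketFactory is deliberately not called: with an explicit
        // connection manager it would have no effect.
        return HttpClients.custom()
                .setRoutePlanner(new DefaultProxyRoutePlanner(proxy))
                .setConnectionManager(connectionManager)
                .build();
    }
}
```

With debug logging enabled as in the question, the `SSLConnectionSocketFactory` line `Enabled protocols:` shows whether the registered factory is the one in use.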
