On Wed, 2018-05-30 at 17:58 -0300, Jonathan Barbero wrote:
> Hi,
>
> I'm using HttpClient v4.5 over a WebSphere 7 trying to connect to a
> TLSv1.2 endpoint.
>
> HttpClient creation code snippet:
>
> HttpHost proxy = new HttpHost("XX.XX.XX.XX", 8080);
> DefaultProxyRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxy);
>
> SSLContext sslContext = SSLContexts.createDefault();
> SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
>         sslContext, new String[] { "TLSv1.2" }, null,
>         NoopHostnameVerifier.INSTANCE);
>
> CloseableHttpClient httpClient = HttpClients
>         .custom()
>         .setDefaultRequestConfig(
>                 RequestConfig.custom()
>                         .setConnectionRequestTimeout(connectionTimeout)
>                         .setConnectTimeout(connectionTimeout)
>                         .setSocketTimeout(requestTimeout)
>                         .setCookieSpec(CookieSpecs.IGNORE_COOKIES)
>                         .setRedirectsEnabled(false)
>                         // .setMaxRedirects(3)
>                         .build())
>         .setDefaultCredentialsProvider(getCredentialsProvider())
>         .setRoutePlanner(routePlanner).setSSLSocketFactory(sslsf)
>         .setConnectionManager(getConnectionManager()).build();
>

Jonathan

The parameter set with #setSSLSocketFactory has no effect because it gets
overwritten by #setConnectionManager. Either configure the connection manager
to use the socket factory in question or let HttpClientBuilder create a
connection manager internally.

Oleg

> HttpClient usage:
>
> proxyResponse = httpClient
>         .execute(getTargetHost(servletRequest),
>                 proxyRequest, connectionContext);
>
>
> But it fails, and in the logs I see that it's trying to use TLSv1.
>
>
> 17:42:30.401 [WebContainer : 9] DEBUG o.a.h.c.protocol.RequestAddCookies - CookieSpec selected: ignoreCookies
> 17:42:30.415 [WebContainer : 9] DEBUG o.a.h.c.protocol.RequestAuthCache - Auth cache not set in the context
> 17:42:30.417 [WebContainer : 9] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: [route: {tls}->http://10.0.2.137:8080->https://test.online.org.veraz.com.ar:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 20]
> 17:42:30.465 [WebContainer : 9] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {tls}->http://10.0.2.137:8080->https://test.online.org.veraz.com.ar:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 20]
> 17:42:30.468 [WebContainer : 9] DEBUG o.a.h.impl.execchain.MainClientExec - Opening connection {tls}->http://10.0.2.137:8080->https://test.online.org.veraz.com.ar:443
> 17:42:30.471 [WebContainer : 9] DEBUG o.a.h.i.c.DefaultHttpClientConnectionOperator - Connecting to /10.0.2.137:8080
> 17:42:30.476 [WebContainer : 9] DEBUG o.a.h.i.c.DefaultHttpClientConnectionOperator - Connection established 10.7.232.42:48025<->10.0.2.137:8080
> 17:42:30.480 [WebContainer : 9] DEBUG org.apache.http.headers - http-outgoing-0 >> CONNECT test.online.org.veraz.com.ar:443 HTTP/1.1
> 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: test.online.org.veraz.com.ar
> 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5 (Java/1.6.0)
> 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 >> "CONNECT test.online.org.veraz.com.ar:443 HTTP/1.1[\r][\n]"
> 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: test.online.org.veraz.com.ar[\r][\n]"
> 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5 (Java/1.6.0)[\r][\n]"
> 17:42:30.481 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\r][\n]"
> 17:42:30.690 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 200 Connection established[\r][\n]"
> 17:42:30.690 [WebContainer : 9] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]"
> 17:42:30.696 [WebContainer : 9] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 Connection established
> 17:42:30.700 [WebContainer : 9] DEBUG o.a.h.impl.execchain.MainClientExec - Tunnel to target created.
> 17:42:30.702 [WebContainer : 9] DEBUG o.a.h.c.s.SSLConnectionSocketFactory - *Enabled protocols: [TLSv1]*
> 17:42:30.702 [WebContainer : 9] DEBUG o.a.h.c.s.SSLConnectionSocketFactory - Enabled cipher suites:[SSL_RSA_WITH_RC4_128_MD5,
>     SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA,
>     SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA,
>     SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
>     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
>     SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA,
>     SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
>     SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
>     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
>     SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
>     SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
> 17:42:30.702 [WebContainer : 9] DEBUG o.a.h.c.s.SSLConnectionSocketFactory - Starting handshake
> 17:42:30.857 [WebContainer : 9] DEBUG o.a.h.i.c.DefaultManagedHttpClientConnection - http-outgoing-0: Shutdown connection
> 17:42:30.858 [WebContainer : 9] DEBUG o.a.h.impl.execchain.MainClientExec - Connection discarded
> 17:42:30.858 [WebContainer : 9] DEBUG o.a.h.i.c.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
> 17:42:30.858 [WebContainer : 9] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {tls}->http://10.0.2.137:8080->https://test.online.org.veraz.com.ar:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 20]
>
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>     at com.ibm.jsse2.o.a(o.java:22)
>     at com.ibm.jsse2.o.a(o.java:34)
>     at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:378)
>     at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:479)
>     at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437)
>     at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:142)
>     at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:686)
>     at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
>     at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:185)
>     at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:369)
>     at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:415)
>     at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
>     at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
>     at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>     at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
>     at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
>     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71)
>     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>     at ar.com.bna.fu.proxy.proxy.ProxyServlet.service(ProxyServlet.java:358)
>
>
> What am I doing wrong?
>
> Thanks in advance,
> Jonathan.
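
The first option in the reply (give the connection manager the socket factory) can look like the following for HttpClient 4.5. This is an added example, not code from the thread or from the HttpClient project; the class name Tls12PooledClient is hypothetical, and it uses the default hostname verifier instead of the NoopHostnameVerifier.INSTANCE of the posted snippet.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContexts;

public class Tls12PooledClient { // hypothetical class name

    public static CloseableHttpClient build(HttpHost proxy) {
        SSLContext sslContext = SSLContexts.createDefault();

        // Fail fast if this JRE's JSSE provider cannot offer TLSv1.2 at all.
        String[] supported = sslContext.getSupportedSSLParameters().getProtocols();
        if (!Arrays.asList(supported).contains("TLSv1.2")) {
            throw new IllegalStateException(
                    "TLSv1.2 not supported by this JRE: " + Arrays.toString(supported));
        }

        // Hostname verification stays enabled (the posted snippet turned it off).
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext, new String[] { "TLSv1.2" }, null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        // The pooling manager looks up the socket factory per scheme in this registry.
        // "http" is registered too because the first hop goes to a plain HTTP proxy.
        Registry<ConnectionSocketFactory> registry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", sslsf)
                        .build();
        PoolingHttpClientConnectionManager cm =
                new PoolingHttpClientConnectionManager(registry);

        // No setSSLSocketFactory() here: combined with setConnectionManager()
        // it would be ignored, as described in the reply above.
        return HttpClients.custom()
                .setConnectionManager(cm)
                .setRoutePlanner(new DefaultProxyRoutePlanner(proxy))
                .build();
    }
}
```

With this wiring the "Enabled protocols" debug line of SSLConnectionSocketFactory should list [TLSv1.2] rather than [TLSv1].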