Re: How to use TLSv1.2 with httpclient 4.1.2 (httpcore 4.1.3)

2017-02-10 Thread Bhowmik, Bindul 
On Fri, Feb 10, 2017 at 3:30 PM, KARR, DAVID  wrote:
> I've been asked to look at some old code using httpclient-4.1.2 and 
> httpcore-4.1.3, which connects to internal sites using TLSv1.0.  We now need 
> to force it to use TLSv1.2.  Several other devs have tried to get this to 
> work, and they've all given up, for now.  I've seen many StackOverflow 
> postings, and in other places, that talk about the various ways to resolve 
> this.
>
> Could someone give me a succinct summary of what I need to do to make this 
> work?
>
> If part of the answer means that I'll need to upgrade to a newer version of 
> httpclient, I'm ok with that, but only if it's really necessary.  Upgrading 
> that may result in other impacts which I'd like to minimize.

You might want to look at this thread [1] discussing a similar query.
However, the SSLConnectionSocketFactory [2] used that example was
introduced in client version 4.3 from the class documentation.

Another option would be to disable TLS v1.0 in the JRE itself [3].

- Bindul

[1] 
https://lists.apache.org/thread.html/3e869bd14dea55febc4a8a03bc1d2663e68371c37b69fb581a58d8d7@1436119445@%3Chttpclient-users.hc.apache.org%3E
[2] 
http://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.5.x/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java
[3] https://www.java.com/en/configure_crypto.html#enableTLSv1_2

>
> -
> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
>

-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: Disabling pooling of PoolingConnectionManager

2016-10-17 Thread Bhowmik, Bindul 
Murat,

On Mon, Oct 17, 2016 at 8:11 PM, Murat Balkan <mrbal...@gmail.com> wrote:
> I see. I think that also means that I cannot share the ClosableHttpClient
> instance among multiple threads as each client can refer to one connection
> manager instance.
>
> Can connectionreusestrategy be used so that the pooling connection manager
> will always return a new connection regardless of the route provided?

I did not think about that, guess you could use the NoConnectionReuseStrategy

- Bindul

>
> Regards.
> Murat
>
> On Mon, Oct 17, 2016 at 5:05 PM, Bhowmik, Bindul <bindulbhow...@gmail.com>
> wrote:
>
>> Murat,
>>
>> On Mon, Oct 17, 2016 at 12:58 PM, Murat Balkan <mrbal...@gmail.com> wrote:
>> > Hi Bindul,
>> > Thanks for the answer.
>> > I was thinking that using a shared connection manager will increase the
>> > performance. What will be the implications of reusing the same
>> > BasicHttpClientConnectionManager instance?
>>
>> If you see the documentation for the BasicHttpClientConnectionManager
>> [1], you will see that it only maintains one active connection. If you
>> share the the instance, your requests will be waiting for the
>> connection to be available and that will be your bottleneck.
>>
>> I would also recommend reading the connection management section of
>> the Http Client documentation [2]
>>
>> - Bindul
>>
>> [1] http://hc.apache.org/httpcomponents-client-ga/
>> httpclient/apidocs/org/apache/http/impl/conn/
>> BasicHttpClientConnectionManager.html
>> [2] http://hc.apache.org/httpcomponents-client-4.5.x/
>> tutorial/html/connmgmt.html
>>
>> > Regards,
>> > Murat
>> >
>> > On Mon, Oct 17, 2016 at 2:31 PM, Bhowmik, Bindul <
>> bindulbhow...@gmail.com>
>> > wrote:
>> >
>> >> Murat,
>> >>
>> >> On Mon, Oct 17, 2016 at 11:12 AM, Murat Balkan <mrbal...@gmail.com>
>> wrote:
>> >> > Hi,
>> >> >
>> >> > We are using PoolingHttpClientConnectionManager to open up
>> connections
>> >> to
>> >> > multiple URL's in different threads (via different HttpGet objects).
>> >> >
>> >> > The only reason we are using the PoolingHttpClientConnectionManager
>> is
>> >> its'
>> >> > performance in multi-thread environments (as suggested by the
>> >> > documentation).
>> >> >
>> >> > However, we are not interested in the actual "pooling" functionality.
>> >> > That's to say, we want to open up a brand new connection even if the
>> >> route
>> >> > is the same.
>> >>
>> >> The performance enhancements you achieve from
>> >> PoolingHttpClientConnectionManager are due to its connection pooling
>> >> feature, that saves you to cost of establishing the connection when
>> >> another request goes to the same route.
>> >>
>> >> >
>> >> > How can we achieve this? We tried to set maxPerroute to 1 but it
>> seems it
>> >> > is not the correct way.
>> >>
>> >> I have not tested, but setting maxPerRoute to 1 would degrade
>> >> performance for you as you will have a number of Http clients waiting
>> >> for the single connection.
>> >>
>> >> If you do not want to use pooled connections, you can use
>> >> BasicHttpClientConnectionManager and not share it.
>> >>
>> >> >
>> >> > Regards,
>> >> > Murat
>> >>
>> >> -
>> >> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
>> >> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
>> >>
>> >>
>> >
>> >
>> > --
>> > Murat Balkan
>>
>> -
>> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
>> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
>>
>>
>
>
> --
> Murat Balkan

-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: Disabling pooling of PoolingConnectionManager

2016-10-17 Thread Bhowmik, Bindul 
Murat,

On Mon, Oct 17, 2016 at 12:58 PM, Murat Balkan <mrbal...@gmail.com> wrote:
> Hi Bindul,
> Thanks for the answer.
> I was thinking that using a shared connection manager will increase the
> performance. What will be the implications of reusing the same
> BasicHttpClientConnectionManager instance?

If you see the documentation for the BasicHttpClientConnectionManager
[1], you will see that it only maintains one active connection. If you
share the the instance, your requests will be waiting for the
connection to be available and that will be your bottleneck.

I would also recommend reading the connection management section of
the Http Client documentation [2]

- Bindul

[1] 
http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/BasicHttpClientConnectionManager.html
[2] http://hc.apache.org/httpcomponents-client-4.5.x/tutorial/html/connmgmt.html

> Regards,
> Murat
>
> On Mon, Oct 17, 2016 at 2:31 PM, Bhowmik, Bindul <bindulbhow...@gmail.com>
> wrote:
>
>> Murat,
>>
>> On Mon, Oct 17, 2016 at 11:12 AM, Murat Balkan <mrbal...@gmail.com> wrote:
>> > Hi,
>> >
>> > We are using PoolingHttpClientConnectionManager to open up connections
>> to
>> > multiple URL's in different threads (via different HttpGet objects).
>> >
>> > The only reason we are using the PoolingHttpClientConnectionManager is
>> its'
>> > performance in multi-thread environments (as suggested by the
>> > documentation).
>> >
>> > However, we are not interested in the actual "pooling" functionality.
>> > That's to say, we want to open up a brand new connection even if the
>> route
>> > is the same.
>>
>> The performance enhancements you achieve from
>> PoolingHttpClientConnectionManager are due to its connection pooling
>> feature, that saves you to cost of establishing the connection when
>> another request goes to the same route.
>>
>> >
>> > How can we achieve this? We tried to set maxPerroute to 1 but it seems it
>> > is not the correct way.
>>
>> I have not tested, but setting maxPerRoute to 1 would degrade
>> performance for you as you will have a number of Http clients waiting
>> for the single connection.
>>
>> If you do not want to use pooled connections, you can use
>> BasicHttpClientConnectionManager and not share it.
>>
>> >
>> > Regards,
>> > Murat
>>
>> -
>> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
>> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
>>
>>
>
>
> --
> Murat Balkan

-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: Disabling pooling of PoolingConnectionManager

2016-10-17 Thread Bhowmik, Bindul 
Murat,

On Mon, Oct 17, 2016 at 11:12 AM, Murat Balkan  wrote:
> Hi,
>
> We are using PoolingHttpClientConnectionManager to open up connections to
> multiple URL's in different threads (via different HttpGet objects).
>
> The only reason we are using the PoolingHttpClientConnectionManager is its'
> performance in multi-thread environments (as suggested by the
> documentation).
>
> However, we are not interested in the actual "pooling" functionality.
> That's to say, we want to open up a brand new connection even if the route
> is the same.

The performance enhancements you achieve from
PoolingHttpClientConnectionManager are due to its connection pooling
feature, that saves you to cost of establishing the connection when
another request goes to the same route.

>
> How can we achieve this? We tried to set maxPerroute to 1 but it seems it
> is not the correct way.

I have not tested, but setting maxPerRoute to 1 would degrade
performance for you as you will have a number of Http clients waiting
for the single connection.

If you do not want to use pooled connections, you can use
BasicHttpClientConnectionManager and not share it.

>
> Regards,
> Murat

-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: Multiple DNS Server Settings

2016-08-11 Thread Bhowmik, Bindul 
Murat,

On Thu, Aug 11, 2016 at 1:36 PM, Murat Balkan  wrote:
> Hi,
> I will send out more than 100 get requests to several sites. However, I'd 
> like to use different DNS Server settings for each of them. What is the most 
> efficient way of doing this?
>
> As long as I know the setDns function is only applicable to 
> PoolingHttpClientConnectionManager so do I need to create multiple connection 
> managers for each different DNS server?

You could look at implementing custom DnsResolvers [1] to use
different DNS server settings; and have a custom DnsResolver 'proxy'
set on the HttpClient [2] to delegate to your custom resolvers based
on whatever parameters you choose.

>
> Thanks
> Murat

Regards,
Bindul

[1] 
https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/DnsResolver.html
[2] 
https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html#setDnsResolver(org.apache.http.conn.DnsResolver)

-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: issue with https connection using Apache http client 4.3.5 with android

2016-04-22 Thread Bhowmik, Bindul 
Sunil,

While it is a bad idea to turn off certificate verification in
production code (allows MITM attacks); if you absolutely have you, you
can look at org.apache.http.conn.ssl.AllowAllHostnameVerifier (or
org.apache.http.conn.ssl.NoopHostnameVerifier for newer versions of
Http Client).

Bindul

On Fri, Apr 22, 2016 at 3:27 AM, Sunil Chandrasekharan
 wrote:
> How can i disable certifcate verification at client side.
> I dont need to verify the certificate at client side.
>
> Can you help me achieve HTTPS connection without verifying certifcate at
> client side.
>
>
>
> On Wed, Apr 20, 2016 at 3:34 PM,  wrote:
>
>> Hello,
>>
>> If you specify a URL with an IP literal, then the target host must have a
>> SSL/TLS certificate mentioning this name as commonName or
>> subjectAlternateName. This prevents person-in-the-middle attacks and is, as
>> you noticed enforced by the Hostname Verifier.
>>
>> Not sure about android, but on a pc i would add a hostname alias to the
>> /etc/hosts file and specify the name in the URL for testing purposes
>> (production servers should obviously use DNS).
>>
>> If you absolutely must use an IP you could think about a specific verifier
>> which binds the certificate to the IP with no additional checking.
>>
>> As for your "other error", you need to tell us which one.
>>
>> Does not look like an issue with Android or your code so far.
>>
>> Gruss
>> Bernd
>>
>> --
>> http://bernd.eckenfels.net
>>
>> -Original Message-
>> From: Sunil Chandrasekharan 
>> To: httpclient-users@hc.apache.org
>> Sent: Mi., 20 Apr. 2016 8:02
>> Subject: issue with https connection using Apache http client 4.3.5 with
>> android
>>
>> Hi ,
>>
>> I am trying to implement https connection support using Apache http client
>> 4.3.5 on my Android devices
>>
>> HttpClientBuilder builder = HttpClientBuilder.create();KeyStore
>> trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
>> trustStore.load(null, null);
>> SSLContext sslContext =
>> SSLContexts.custom().loadTrustMaterial(trustStore, new
>> TrustSelfSignedStrategy()).build();
>> SSLConnectionSocketFactory sslConnectionFactory = new
>> SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1"
>> },null,SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>>
>> builder.setSSLSocketFactory(sslConnectionFactory);
>>  Registry registry =
>> RegistryBuilder.create()
>>   .register("https", sslConnectionFactory)
>>   .register("http", PlainConnectionSocketFactory.getSocketFactory())
>>   .build();
>> HttpClientConnectionManager connectionManager = new
>> BasicHttpClientConnectionManager(registry);
>> builder.setConnectionManager(connectionManager);
>>
>> builder.setDefaultCredentialsProvider(credsProvider);
>> builder.setRedirectStrategy(new MyRedirectStrategy());
>>
>> builder.setHostnameVerifier(SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);CloseableHttpClient
>> client = builder.build();
>>
>> I did this example by referring many posts on SSL confirguration with
>> Apache HttpClient 4.3.5
>>
>> But when i try to run, my execute method fails with this error
>>
>> javax.net.ssl.SSLException: hostname in certificate didn't match:
>> <12.17.7.0> != 
>> at
>> org.apache.http.conn.ssl.AbstractVerifierHC4.verify(AbstractVerifierHC4.java:234)
>>
>> I tried lot of samples given on web related to ApacheHTTPclient
>> library 4.3.5 . But i am just not able to come out of this situation.
>> I dont know what is happening .
>>
>> I even tried changing to Allow-All-HostNameVerifier. but it gives
>> another exception.
>>
>> Kindly help me to achieve HTTPS connection
>>
>> -
>> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
>> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
>>
>>

-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: Handling Url's redirection using Httpclient

2015-02-10 Thread Bhowmik, Bindul 
Hello,

On Tue, Feb 10, 2015 at 5:35 AM, gdrsantosh gdrsant...@gmail.com wrote:
 I am using Httpclient to get the web page content,when we specify below urls
 like

 http://www.milwaukeetool.com/power-tools#product+Types=Diamond+Coring
 it will be redirected to
 http://www.milwaukeetool.com/power-tools?product+Types=Diamond+Coring

Looking at the sites, they are using Javascript (document.location) to
redirect, rather than HTTP 3xx status codes. So, this is outside the
scope of HTTP Client. You will have to parse/process the HTML body and
Javascript to achieve that redirect.

Regards,
Bindul


 and

 http://blackwoods.com.au/browse/flat-cut-off-wheels-metal-flexovit/302022874
 it will be redirected to
 http://blackwoods.com.au/search/flat-cut-off-wheels-metal-flexovit/302022874

 and giving invalid page content.

 So, I am looking for a solution to handle rediection to get correct page
 content using HttpClient.
 Below is the code which I am using to handle redirection using httpclient..

 HttpGet httpGet = new HttpGet(UrlRequest);
 httpclient = HttpClientBuilder.create().setRedirectStrategy(new
 LaxRedirectStrategy()).build();
 HttpResponse  response = httpclient.execute(httpGet);
 HttpEntity entity = response.getEntity();
 thirdPartyPageContent=EntityUtils.toString(entity);




 --
 View this message in context: 
 http://httpcomponents.10934.n7.nabble.com/Handling-Url-s-redirection-using-Httpclient-tp25485.html
 Sent from the HttpClient-User mailing list archive at Nabble.com.

 -
 To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
 For additional commands, e-mail: httpclient-users-h...@hc.apache.org


-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org