Hi Oleg, Thanks for your answer, maybe I did not explain clearly our use case. We need to call several external systems over HTTP, and every system has different requirements. All need TLS, but some need client certificate, others not, some of them needs a certain client certificate that differs from others, some of them wants to exclude certain protocols and cipher suites. My idea is that we need as many SSLConnectionFactiories as many external systems. This is what I cant achieve now with a single HttpClient / PoolingHttpClientConnectionManager. The PoolingHttpClientConnectionManager can be given a single HTTPS connection factory, but I would need multiple different factories I suspect. Am I wrong with this?
Ivan 2016-06-07 15:18 GMT+02:00 Oleg Kalnichevski <ol...@apache.org>: > On Tue, 2016-06-07 at 11:06 +0200, Ivan Brencsics wrote: > > Hi, > > > > I have some trouble using SSL together > > with PoolingHttpClientConnectionManager. > > > > I create an HttpClient by setting both the SSLContext and > ConnectionManager > > and the SSLContext is ignored. I read that others had the same problem > and > > solved it by adding a Socket Factory Registry to the Connection Manager. > > However, I dont find this a good solution. I would like to create one and > > only one connection pool for my application, and then provide it to all > > HttpClient instances I create later on. > > What is the point doing so? You might as well have just one instance of > HttpClient which is basically recommended anyway. > > > When I instantiate the connection > > pool, I dont know exactly what connections I will create later with what > > SSL parameters. Your solution assumes that when instantiating the > > PoolingHttpClientConnectionManager, we are already aware of all the SSL > > settings that we will ever use. This is very often not the case. > > > > Why are the SSL settings so tightly coupled to > > PoolingHttpClientConnectionManager? > > Because the pool manager is responsible for keeping track of persistent > connection state. > > > And do I understand correctly that if I > > am using SSL, I should create separate PoolingHttpClientConnectionManager > > instances towards the different remote servers? > > > > No, you should not. > > Oleg > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > >
