[ https://issues.apache.org/jira/browse/HTTPCLIENT-1692?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mohammed Aijaz Yousuf updated HTTPCLIENT-1692: ---------------------------------------------- Attachment: litle-sdk-for-java-9.3.1.zip Extract the zip and import the classes into your workspace. This is a Open source SDK. > Apache HttpClient overrides the protocols supplied by JVM and instead > defaults it to TLSv1.0 > -------------------------------------------------------------------------------------------- > > Key: HTTPCLIENT-1692 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1692 > Project: HttpComponents HttpClient > Issue Type: Bug > Components: HttpClient > Affects Versions: 4.5 > Environment: Windows and Linux > Reporter: Mohammed Aijaz Yousuf > Attachments: litle-sdk-for-java-9.3.1.zip > > > Issue : We have a SDK provided by our Payment gateway and we use this SDK to > invoke the Payment webservices. This SDK uses Apache HttpCLient /Post methods > to make webservice calls and Payment gateway requires the communication to go > through TLS1.2 handshake. We invoke these payment services using 2 ways : > 1. Using IBM Websphere Application server. > 2. Using IBM Agent Server (Batch job which runs on a JVM process and uses > Queue to process and listen to messages) > a. For IBM websphere, we were able to make the TLS1.2 protocol work by > changing the "Quality Of Protection" SSL settings but we cannot make it work > on IBM Agent server. > b. We tried passing the protocols explicitly by giving > "https.protocols=TLSv1.2" as system arguments when starting the server but it > seems the Apache HttpsClient is overriding the protocol and setting it to JVM > default protocol which is TLSv1.0. Due to this default protocol, all our > communications with Payment gateway are failing. We are using > apache-httpcomponents-httpclient.jar. > c. We tried using the httpClient4.5.x but even then the same behavior is > seen.Another issue we faced when we use higher versions of httpclient was > whenever we try deploying the Httpclient 4.5.x.jar on websphere, Websphere is > throwing Class conflict error as IBM websphere has a > com.ibm.ws.prereq.jaxrs.jar plugin which internally supports only apache > 4.1.x. We tried changing the websphere class loader policy to read the Parent > class last but it starts effecting other functionalities. > d. We would basically need to know how we can enforce the httpclient to > accept the JVM protocols set in system property "https.protocols=TLSv1.2" > instead of overriding the protocol to TLSv1.0. > e. We are using IBM JDK 1.6 SR5 and IBM Websphere 8.5.5 > Secondly we are not using JSSE socketfactory but are using Websphere SSL > socket factory with com.ibm.ws.security.crypto.jar: > # WebSphere socket factories (in cryptosf.jar) > ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory > ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory > f. Its an Open source SDK provided by Vantiv and it can be used by anyone at > https://github.com/LitleCo/litle-sdk-for-java > Below is the URL: > https://www.testlitle.com/sandbox/communicator/online -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org