Winfried Gerlach created HTTPCLIENT-2397:
--------------------------------------------

             Summary: Prevent use of plain HTTP in HttpClient 5.4+
                 Key: HTTPCLIENT-2397
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2397
             Project: HttpComponents HttpClient
          Issue Type: Bug
            Reporter: Winfried Gerlach


In all HttpClient versions up until 5.3.1, it was possible to prevent the 
use of plaintext HTTP by only registering an HTTPS ConnectionSocketFactory. When 
trying to access an HTTP resource, this would then lead to an 
{{UnsupportedSchemeException}} ("http protocol is not supported"):
[httpcomponents-client/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/DefaultHttpClientConnectionOperator.java at rel/v5.3.1 · apache/httpcomponents-client|https://github.com/apache/httpcomponents-client/blob/rel/v5.3.1/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/DefaultHttpClientConnectionOperator.java#L133]

For HttpClient 5.4+, this check was dropped. Such behavior could still be 
achieved, e.g. by using a custom SchemePortResolver, but this is a) 
unnecessarily complicated and b) doesn't help users migrating from an older 
version that may not even notice that HTTP connections are now suddenly 
possible again. That's why I would classify this as a bug.
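
Added example, not part of the original report and not HttpClient project code: one way to make a client fail closed on plain HTTP regardless of which socket factories are registered. It uses a request interceptor rather than the SchemePortResolver approach mentioned above; the class name `HttpsOnlyClient`, the constant `HTTPS_ONLY` and the host `example.invalid` are hypothetical, and the HttpClient 5.x classic API is assumed.

```java
import java.io.IOException;

import org.apache.hc.client5.http.UnsupportedSchemeException;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.core5.http.HttpRequestInterceptor;
import org.apache.hc.core5.http.URIScheme;

public class HttpsOnlyClient {

    // Hypothetical guard: runs in the protocol stage of the execution chain,
    // before a connection is requested, and rejects every non-https request.
    // A missing (null) scheme is rejected as well, so the check fails closed.
    static final HttpRequestInterceptor HTTPS_ONLY = (request, entity, context) -> {
        String scheme = request.getScheme();
        if (!URIScheme.HTTPS.same(scheme)) {
            throw new UnsupportedSchemeException(scheme + " protocol is not supported");
        }
    };

    static CloseableHttpClient build() {
        // Registered first so it runs ahead of any other request interceptor.
        return HttpClients.custom()
                .addRequestInterceptorFirst(HTTPS_ONLY)
                .build();
    }

    public static void main(String[] args) throws IOException {
        try (CloseableHttpClient client = build()) {
            // Constructed sample target; the request is rejected before any
            // DNS lookup or socket connect takes place.
            client.execute(new HttpGet("http://example.invalid/"),
                    response -> response.getCode());
            throw new AssertionError("plain HTTP request was not rejected");
        } catch (UnsupportedSchemeException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

Running `main` as part of an upgrade's regression tests turns a silent return of plaintext HTTP into a test failure.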


