Re: HTTPClient doesn't connect to server with SiteB 192bits security mode

[Ting Zhao]

Hi Oleg,

Thank you for the advise.

I found that I have to set the cipher suite to the socket directly. So I
have two options:
1. For HTTPClient 4.2.1, I have to subclass
org.apache.http.conn.ssl.SSLSocketFactory, so that I can access the socket
through override the method
protected void prepareSocket(final SSLSocket socket) throws IOException
2. For HttpClient 4.3 and above, I can instantiate the
org.apache.http.conn.ssl.SSLSocketFactory with this constructor:
    public SSLSocketFactory(
            final SSLContext sslContext,
            final String[] supportedProtocols,
            final String[] supportedCipherSuites,
            final X509HostnameVerifier hostnameVerifier)

For now, I am limited to option 1 since I have to use HTTPClient 4.2.1.


Regards,
                                                                                
  
                                                                                
  
                                                                                
  
                                                                                
  
                                                                                
  
                                                                                
  
  Ting Zhao                                                                     
  
  Software Engineer                                                             
  
  Information Management                                                        
  
                                                                                
  
  Phone: 561-862-2923                                                           
  
  E-mail: tingz...@us.ibm.com                                                   
  
                               (Embedded image moved to file: pic25634.gif)     
  
                                                                                
  
                                                                                
  
                                                                                
  
                                                                                
  






From:   Oleg Kalnichevski <ol...@apache.org>
To:     HttpClient User Discussion <httpclient-users@hc.apache.org>,
Date:   06/15/2013 05:17 PM
Subject:        Re: HTTPClient doesn't connect to server with SiteB 192bits
            security mode



On Sat, 2013-06-15 at 17:01 -0400, Ting Zhao wrote:
> Hello,

...

> It looks like the issue is that the client side missing
> SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite. But I can't figure
> out how to add it.
>
> Intesting thing is that URLConnection code is working from the same
client
> applicaiton. And the server side trace shows the following information.
> %% No cached client session

Please upgrade to HttpClient 4.3-beta2 and initialize your client either
like this
---
CloseableHttpClient httpClient = HttpClients.createSystem();
---
or like that
---
CloseableHttpClient httpClient = HttpClients.custom()
  .setSSLSocketFactory(SSLSocketFactory.getSystemSocketFactory())
  .build();
---
This should make HttpClient use the same SSL configuration as Java
URLConnection. See if that makes any difference.

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org