How to enable SSLv3 with Apache HttpClient?

Question

How to enable SSLv3 with Apache HttpClient?

SSLv3 has been disabled in Apache HttpClient since version 4.3.6, but I am using version 4.5. developers wrote :

Those users who want to continue using SSLv3 should explicitly enable support for it.

I tried to install supported protocols at the JVM level, but this did not work. An example is provided in Scala, but this does not apply to the problem:

System.setProperty("https.protocols", "SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2")

My second attempt:

val instance: CloseableHttpClient = {
  val trustStrategy = new TrustStrategy {
    override def isTrusted(x509Certificates: Array[X509Certificate], s: String) = true
  }
  val sslContext = new SSLContextBuilder().loadTrustMaterial(null, trustStrategy).build()
  val sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE)
  val socketFactoryRegistry =
    RegistryBuilder.create[ConnectionSocketFactory]()
        .register("http", PlainConnectionSocketFactory.getSocketFactory)
        .register("https", sslSocketFactory)
        .build()
  val connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry)
  HttpClients.custom()
      .disableRedirectHandling()
      .setSSLContext(sslContext)
      .setConnectionManager(connectionManager)
      .build()
}

But that didn't work either.

How to connect to hosts supporting SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2 with Apache HttpClient 4.5?

+4

java ssl https apache-httpclient-4.x apache-httpcomponents

deamon Jul 24 '15 at 10:31

source share

1 answer

oleg · Accepted Answer · 2015-07-24T15:13:37+0000

HttpClient . HttpClient builder .

CloseableHttpClient client = HttpClients.createSystem();

factory

SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
        SSLContext.getDefault(),
        new String[] { "SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"},
        null,
        SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", socketFactory)
        .build();

PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();

,

SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
        SSLContext.getDefault(),
        new String[] {"TLSv1"},
        null,
        SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", socketFactory)
        .build();

PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://www.ethz.ch/de.html"))) {
    System.out.println(response.getStatusLine());
    System.out.println(EntityUtils.toString(response.getEntity()));
}

How to enable SSLv3 with Apache HttpClient?

More articles: