java - How to setEnabledCipherSuites when using Apache HTTP Client? -


since need work legacy server, , since rc4 removed java 8, need re-enable rc4 based ciphers. described in release note have use sslsocket/sslengine.setenabledciphersuites(). since i'm using apache http client not able find way this. in advance! (i found quite semitrailer problem out answer thought of posting new one)

i facing same problem , able figure out.

secureprotocolsocketfactoryimpl protfactory = new secureprotocolsocketfactoryimpl(); httpsclient.gethostconfiguration().sethost(host, port, httpsprotocol); 

in "secureprotocolsocketfactoryimpl" class have override method public socket createsocket() secureprotocolsocketfactory class.

in method socket this

 sslsocket soc = (sslsocket) getsslcontext().getsocketfactory().createsocket(                     socket,                     host,                     port,                     autoclose                 ); 

so there able below.

cipherstobeenabled[0] = "tls_ecdhe_ecdsa_with_rc4_128_sha"; soc.setenabledciphersuites(cipherstobeenabled); 

hope idea. if have problems please comment below. note doing not enable rc4 related ciphers. need modify java "java.security" file in jre/lib/security/ file , remove cr4 form disabled algorithm list.


Comments

Popular posts from this blog

java - nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet Hibernate+SpringMVC -

sql - Postgresql tables exists, but getting "relation does not exist" when querying -

asp.net mvc - breakpoint on javascript in CSHTML? -