You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2019/01/25 19:46:00 UTC

[jira] [Commented] (HTTPCLIENT-1967) HttpClient does not appears to support TLSv1.3 well

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16752612#comment-16752612 ] 

Oleg Kalnichevski commented on HTTPCLIENT-1967:
-----------------------------------------------

HttpClient uses the JSSE provider supplied at the construction time to implement TLS transport security. It does not have any custom TLS code (other than hostname verification routine). If TLSv1.3 does not work for you it is a JRE issue and not that of HttpClient.

1. Please specify the exact version of the JRE you are using

2. Please provide the exact exception stack trace

Oleg   

   

> HttpClient does not appears to support TLSv1.3 well
> ---------------------------------------------------
>
>                 Key: HTTPCLIENT-1967
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1967
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (Windows)
>    Affects Versions: 4.5.3, 4.5.6
>         Environment: Windows
>            Reporter: FUMIN
>            Priority: Major
>         Attachments: TestHttpClient.java
>
>
> # Set up a clean Apache Tomcat server, in my case I downloaded 8.5.37.
>  # Setup and change the server.xml to setup HTTPS/TLS 1.3 connector, I have this section:
>     <Connector port="8443" protocol="HTTP/1.1" scheme="https" secure="true"
>                 maxThreads="150" SSLEnabled="true" >
>          <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>          <SSLHostConfig ciphers="TLS_AES_256_GCM_SHA384" protocols="TLSv1.3" sslProtocol="TLS">
>              <Certificate certificateKeystoreFile="conf/.keystore" certificateKeystoreType="jks"/>
>          </SSLHostConfig>
>      </Connector>
> 3. Connect from Chrome or Firefox, able to verify browser can connect to the server with TLSv1.3 cipher suites.
> 4. Use a test program, such as the attached.  Update the URL to point to the TLS1.3 supported server. Run the program, Notice the behavior.
> (Note, I am using java 11 for both the server and the client where TLSv1.3 is supported)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org