You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2011/07/25 21:10:09 UTC

[jira] [Commented] (HTTPCLIENT-1111) Setting SSLSocket parameters

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13070683#comment-13070683 ] 

Oleg Kalnichevski commented on HTTPCLIENT-1111:
-----------------------------------------------

Pasi

I really do not mind adding #prepareSSLSocket(SSLSocket) protected method but why overriding #createSocket(HttpParams) would not be enough? I believe one can call SSLSocket#setEnabledCipherSuites() on an unconnected SSL socket.

Oleg

> Setting SSLSocket parameters
> ----------------------------
>
>                 Key: HTTPCLIENT-1111
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1111
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient
>    Affects Versions: 4.1.1
>            Reporter: Pasi Eronen
>            Priority: Minor
>
> In HttpClient 4.0.3, it was easy to subclass SSLSocketFactory, and set SSLSocket options (e.g. setEnabledCipherSuites() or setSSLParameterse()) before the SSL handshake happened. This way it was possible to e.g. restrict cipher suites on per-HttpClient basis (instead of JVM-wide system properties).
> In HttpClient 4.1.1, the design has changed quite a lot, and copy-pasting of several long methods is needed. 
> Ideally, SSLSocketFactory should support applying SSLParameters to the socket. However, SSLParameters is Java 1.6, so if we want to keep compatibility with 1.5, that's out.
> However, it'd be nice to at least have a method (e.g. "protected SSLSocket prepareSSLSocket(SSLSocket s)") that would get called immediately after a socket is retrieved from the socket factory. The default implementation could be just "return s;", but subclasses could do something like s.setEnabledCipherSuites() s.setSSLParameters().

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org