Posted to dev@hc.apache.org by "Pasi Eronen (JIRA)" <ji...@apache.org> on 2011/07/25 14:27:09 UTC

[jira] [Created] (HTTPCLIENT-1111) Setting SSLSocket parameters

Setting SSLSocket parameters
----------------------------

                 Key: HTTPCLIENT-1111
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1111
             Project: HttpComponents HttpClient
          Issue Type: Improvement
          Components: HttpClient
    Affects Versions: 4.1.1
            Reporter: Pasi Eronen
            Priority: Minor


In HttpClient 4.0.3, it was easy to subclass SSLSocketFactory, and set SSLSocket options (e.g. setEnabledCipherSuites() or setSSLParameters()) before the SSL handshake happened. This way it was possible to e.g. restrict cipher suites on a per-HttpClient basis (instead of JVM-wide system properties).

In HttpClient 4.1.1, the design has changed quite a lot, and copy-pasting of several long methods is needed. 

Ideally, SSLSocketFactory should support applying SSLParameters to the socket. However, SSLParameters is Java 1.6, so if we want to keep compatibility with 1.5, that's out.

However, it'd be nice to at least have a method (e.g. "protected SSLSocket prepareSSLSocket(SSLSocket s)") that would get called immediately after a socket is retrieved from the socket factory. The default implementation could be just "return s;", but subclasses could do something like s.setEnabledCipherSuites() or s.setSSLParameters().

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


[jira] [Updated] (HTTPCLIENT-1111) Setting SSLSocket parameters

Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski updated HTTPCLIENT-1111:
------------------------------------------

    Fix Version/s: 4.2 Alpha1

Fair enough. Feel free to submit a patch with the changes you are proposing.

Oleg 



[jira] [Commented] (HTTPCLIENT-1111) Setting SSLSocket parameters

Posted by "Pasi Eronen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13071021#comment-13071021 ] 

Pasi Eronen commented on HTTPCLIENT-1111:
-----------------------------------------

Overriding #createSocket(HttpParams) would be simple, but currently SSLSocketFactory has three other places where this.socketfactory.createSocket() is called, and all of them would need a call to SSLSocket#setEnabledCipherSuites() to cover all code paths...



[jira] [Resolved] (HTTPCLIENT-1111) Setting SSLSocket parameters

Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1111.
-------------------------------------------

    Resolution: Fixed

Patch checked in. Many thanks, Pasi, for contributing it.

Oleg



[jira] [Commented] (HTTPCLIENT-1111) Setting SSLSocket parameters

Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13070683#comment-13070683 ] 

Oleg Kalnichevski commented on HTTPCLIENT-1111:
-----------------------------------------------

Pasi

I really do not mind adding a #prepareSSLSocket(SSLSocket) protected method, but why would overriding #createSocket(HttpParams) not be enough? I believe one can call SSLSocket#setEnabledCipherSuites() on an unconnected SSL socket.

Oleg



[jira] [Updated] (HTTPCLIENT-1111) Setting SSLSocket parameters

Posted by "Pasi Eronen (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pasi Eronen updated HTTPCLIENT-1111:
------------------------------------

    Attachment: httpclient-sslsocketfactory-preparesocket.patch

Patch against SVN trunk attached
