Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add support for SSL/TLS with SSLContext

See original GitHub issue

Hi, first thank you first for this great library.

Is your feature request related to a problem? Please describe. I want to make a couple of https requests for different scenario’s which is a bit hard with the current possibilities. The main setup what I prefer is to separate the client’s certificate and list of trusted certificate in two different keystores. Loading two keystore is currently not possible. The only available ssl configuration are these two:

public Config clientCertificateStore(KeyStore store, String password) {...}

public Config clientCertificateStore(String fileLocation, String password) {...}

So this is unfortunately not possible with these methods. And if I call these methods with different keystores it will override keystore field within the configuration of unirest.

Describe the solution you’d like A possible solution would supporting SSLContext from javax which could be something like this:

public Config sslContext(javax.net.ssl.SSLContext sslContext) {...}

With this option you will enable the consumer of the library to provide any kind of ssl/tls stategy. Like one way tls, two way tls, trusting signed certificates, trusting unsigned certificates or enforcing a specific tls protocol version like TLS v1.3

Would be cool if this could be a new feature request

Issue Analytics

State:
Created 4 years ago
Reactions:3
Comments:5 (2 by maintainers)

Top GitHub Comments

2reactions

Hakky54commented, Nov 17, 2019

I have tried another configuration and it works, so I am not sure if that would the solution for Unirest.

What I currently do is the following as a workaround:

SSLContext sslContext = SSLContext.getInstance("TLSv1.3");
sslContext.init(keyManagers, trustManagers, null);

HttpClient httpClient = HttpClients.custom()
    .setSSLContext(sslContext)
    .setSSLHostnameVerifier(new DefaultHostnameVerifier())
    .build();

Unirest.primaryInstance()
    .config()
    .httpClient(config -> ApacheClient.builder(httpClient).apply(config));

1reaction

rybercommented, Nov 19, 2019

Turns out this was a lot easier than I thought. We were already building a SSLContext internally so allowing a user to just pass in their own is pretty simple.

I would like to get some test validation however and currently the Custom Cert on badssl.com is expired. Let’s give them a few days to get it updated. (link in the pull request https://github.com/Kong/unirest-java/pull/316)

Top Results From Across the Web

ssl — TLS/SSL wrapper for socket objects — Python 3.11.1 ...

SSLContext class helps manage settings and certificates, which can then be inherited by SSL sockets created through the SSLContext.wrap_socket() method. Changed ...

How to configure SSL/TLS for a Http Client or a Server - DZone

In this article, we discuss how to easily configure an SSL/TLS connection in Java to better secure your application.

HTTPS: How to support all SSL/TLS protocols and cipher suits?

I'm currently using Java 8 but willing to upgrade (don't think it matters). I created the SSLContext as follows: SSLContext sslContext = ...

SSL Context Provider

An SSL Context Provider defines the parameters used to make to make server or client connections secure over SSL. ... TLS protocol version...

How do I change the default SSL/TLS protocol my Java ... - IBM

TLSV1.2 is the default TLS protocol in IBM JDK 7.1 and 7.0. ... SSLContext of "TLSv1.2" protocol supports TLS 1.2. For example:.