How to force use of TLS 1.2 in a REST client using RestTemplate

I am consuming a JSON web service using Spring 3.0 RestTemplate by calling the post method.

    MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
    headers.add("Content-Type", MediaType.APPLICATION_JSON_VALUE);
    HttpEntity<Object> entity = new HttpEntity<Object>(requestAsString, headers);
    postForObject = restTemplate.postForObject(url, entity, responseClass);

Our application is deployed on a WAS server and tries to connect to the manufacturer by creating a connection with TLS1.0. However, now the manufacturer only supports TLS1.1 and TLS1.2.

How can I force RestTemplate to use TLS 1.1 or TLS 1.2?

Usually, for Apache HttpClient code, you create your own ProtocolSocketFactory and override the createSocket method. However, in the case of RestTemplate, how can I achieve the same?

+5
source
3 answers

You can configure RestTemplate to use a custom ClientHttpRequestFactory. In particular (since you are using Spring 3.0), there is a CommonsClientHttpRequestFactory. This will allow you to configure common HTTP permissions, and your RestTemplate will use this to fulfill its requests.

Note that the actual implementation classes have changed in later versions of Spring (and if you're still on 3.0, you really should consider upgrading). Starting with 3.1, the implementation class is called HttpComponentsClientHttpRequestFactory.

+4
source

With Spring > 3.1:

    import javax.net.ssl.SSLContext;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClientBuilder;
    import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
    import org.springframework.web.client.RestTemplate;

    SSLContext context = SSLContext.getInstance("TLSv1.2");
    context.init(null, null, null);

    CloseableHttpClient httpClient = HttpClientBuilder
            .create()
            .setSSLContext(context)
            .build();
    HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
    RestTemplate restTemplate = new RestTemplate(factory);
    // ...
+11
source

@abhishekhp If your question has not ended yet.

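    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import javax.net.ssl.SSLContext;
    import org.apache.http.conn.ClientConnectionManager;
    import org.apache.http.conn.scheme.PlainSocketFactory;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
    import org.springframework.web.client.RestTemplate;

    RestTemplate restTemplate = new RestTemplate();
    DefaultHttpClient httpClient = new DefaultHttpClient();
    // We're going to try and load and enable TLS version 1.2 standard communication context from JSSE Providers
    // This is enabled only for download media Mirakl as some merchants don't accept communication with TLS versions prior to 1.1
    try {
        SSLContext context;
        context = SSLContext.getInstance("TLSv1.2");
        context.init(null, null, null);

        // Apache HttpClient's SSLSocketFactory (not javax.net.ssl.SSLSocketFactory)
        SSLSocketFactory ssf = new SSLSocketFactory(context);
        ClientConnectionManager ccm = httpClient.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
        sr.register(new Scheme("https", 443, ssf));
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        LOGGER.warn("Could not load the TLS version 1.2 due to => ", e);
    }
    restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory(httpClient));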
0
source
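
An added example, not part of any answer above, assuming Spring 4 or later and Apache HttpClient 4.4 or later on the classpath. The JSSE name "TLSv1.2" selects a context that supports TLS 1.2 and may still enable older versions, so this sketch passes an explicit protocol list to SSLConnectionSocketFactory and prints what a bare context enables on the local JRE. The class name Tls12RestTemplate and the constant ALLOWED_PROTOCOLS are illustrative.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

// Illustrative class name; not from the original answers.
public class Tls12RestTemplate {

    // The only protocol versions the client will offer.
    private static final String[] ALLOWED_PROTOCOLS = { "TLSv1.2" };

    public static RestTemplate build() {
        // Default JRE trust store, so certificate validation stays on.
        SSLContext context = SSLContexts.createDefault();

        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                context,
                ALLOWED_PROTOCOLS, // set as the enabled protocols on every socket
                null,              // null keeps the JRE's default cipher suites
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(socketFactory)
                .build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }

    public static void main(String[] args) throws Exception {
        // Offline check: what a bare "TLSv1.2" context enables on this JRE.
        SSLContext bare = SSLContext.getInstance("TLSv1.2");
        bare.init(null, null, null);
        try (SSLSocket socket = (SSLSocket) bare.getSocketFactory().createSocket()) {
            System.out.println("Default: " + String.join(", ", socket.getEnabledProtocols()));
            socket.setEnabledProtocols(ALLOWED_PROTOCOLS);
            System.out.println("Pinned:  " + String.join(", ", socket.getEnabledProtocols()));
        }
        RestTemplate restTemplate = build();
        System.out.println("Factory: " + restTemplate.getRequestFactory().getClass().getSimpleName());
    }
}
```

If the "Default" line lists anything besides TLSv1.2, the context alone is not restricting the protocol version and the explicit list is what enforces it.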
