[CXF-8326] SSLContext protocol version is ignored - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Cannot Reproduce
Affects Version/s: 3.1.4
Fix Version/s: None
Component/s: Transports
Labels:
None

Estimated Complexity:
Unknown

Description

Hi,

I'm doing a migration from CXF 2.4.6 to 3.1.4

This code is working perfectly fine in 2.4.6:

SSLContext sslcontext = SSLContext.getInstance("TLSv1");
...
TLSClientParameters tlsClientParameters = new TLSClientParameters();
tlsClientParameters.setSSLSocketFactory(sslcontext.getSocketFactory());
http.setTlsClientParameters(tlsClientParameters);

The ssl protocol version is respected when making the call (i-e TLSv1)

With SSLContext.getInstance("TLSv1.1") the call is made with TLSv1.1

With SSLContext.getInstance("TLSv1.2") the call is made with TLSv1.2

All is fine.

However, in 3.1.4, no matter the provided tls version it will always be TLSv1.2. The provided ssl version in SSLContext.getInstance("TLSv1") is just ignored.

I checked with 3.2.7 and 2.7.18. It is failing as well.

Thank you in advance for checking it.

Regards

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Alain Sellerin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Aug/20 15:00

Updated:: 25/Aug/20 09:52

Resolved:: 25/Aug/20 09:52