Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8326

SSLContext protocol version is ignored

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 3.1.4
    • Fix Version/s: None
    • Component/s: Transports
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Hi,

      I'm doing a migration from CXF 2.4.6 to 3.1.4

       

      This code is working perfectly fine in 2.4.6:

      SSLContext sslcontext = SSLContext.getInstance("TLSv1");
      ...
      TLSClientParameters tlsClientParameters = new TLSClientParameters();
      tlsClientParameters.setSSLSocketFactory(sslcontext.getSocketFactory());
      http.setTlsClientParameters(tlsClientParameters);

      The ssl protocol version is respected when making the call (i-e TLSv1)

      With SSLContext.getInstance("TLSv1.1") the call is made with TLSv1.1

      With SSLContext.getInstance("TLSv1.2") the call is made with TLSv1.2

      All is fine.

       

      However, in 3.1.4, no matter the provided tls version it will always be TLSv1.2. The provided ssl version in SSLContext.getInstance("TLSv1") is just ignored. 

      I checked with 3.2.7 and 2.7.18. It is failing as well.

       

      Thank you in advance for checking it.

      Regards

       

       

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              asellerin Alain Sellerin
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: