3

The normal way to get an SSLSocketFactory would be to initialize a new SSLContext with a TrustManager, KeyManager and SecureRandom and use the getSocketFactory() method. However, this does not allow me to enable the required cipher suites or protocols.

The only configuration that HttpsURLConnection permits that would allow such a change is by setting its default SSLSocketFactory. I can create a class that extends SSLSocketFactory and override the getDefaultCipherSuites() method and wrap the sockets created by createSocket() to have the required ciphers and protocols set. However, this method does not allow me to initialize a TrustManager for the connection?

Is there a method by which I can do both - set cipher suites and protocols, and initialize a trust manager?

varrunr

2 Answers

3

Take the SSLSocketFactory obtained by SSLContext.getSocketFactory() and wrap it in a custom subclass of SSLSocketFactory, which delegates to the one obtained from SSLContext, but in createSocket() also sets the required cipher.

Robert Tupelo-Schneck
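The delegation approach from the answer above, written out as an added example (not code from the original posts). The class name `RestrictedSocketFactory` and the helper `forTrustStore` are hypothetical; the protocol and cipher suite names are supplied by the caller and must be ones the JRE supports.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.*;

// Added example: delegates to the factory obtained from SSLContext and
// restricts protocols and cipher suites on every socket it hands out.
public class RestrictedSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;
    private final String[] protocols;
    private final String[] suites;

    public RestrictedSocketFactory(SSLSocketFactory delegate, String[] protocols, String[] suites) {
        this.delegate = delegate;
        this.protocols = protocols.clone();
        this.suites = suites.clone();
    }

    // Apply the allow-list before the socket is returned, so the handshake can
    // only negotiate what was configured.
    private Socket restrict(Socket s) {
        if (s instanceof SSLSocket) {
            SSLSocket ssl = (SSLSocket) s;
            ssl.setEnabledProtocols(protocols);   // IllegalArgumentException if unsupported
            ssl.setEnabledCipherSuites(suites);   // IllegalArgumentException if unsupported
        }
        return s;
    }

    @Override public String[] getDefaultCipherSuites() { return suites.clone(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return restrict(delegate.createSocket()); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean close) throws IOException { return restrict(delegate.createSocket(s, h, p, close)); }
    @Override public Socket createSocket(String h, int p) throws IOException { return restrict(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return restrict(delegate.createSocket(h, p, l, lp)); }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return restrict(delegate.createSocket(a, p)); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress l, int lp) throws IOException { return restrict(delegate.createSocket(a, p, l, lp)); }

    // The trust manager is still configured through SSLContext; the wrapper only
    // narrows what the resulting sockets may negotiate.
    public static SSLSocketFactory forTrustStore(KeyStore trustStore, String[] protocols, String[] suites)
            throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                       // null selects the JRE default trust store
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return new RestrictedSocketFactory(ctx.getSocketFactory(), protocols, suites);
    }
}
```

Passing the result to the instance method `HttpsURLConnection.setSSLSocketFactory()` scopes the restriction to that one connection, whereas `HttpsURLConnection.setDefaultSSLSocketFactory()` applies it to every connection in the JVM.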
1

See the JSSE Reference Guide. You can set the cipher suites via system properties.

user207421
  • It becomes global if set via system properties. I might want to set it just for a particular connection or even just one particular application. – varrunr Jul 09 '13 at 23:42
  • Agreed. However you didn't state that requirement in your question. – user207421 Jul 13 '13 at 00:41
  • 2
    Just for completeness (having just closed [this as a duplicate](http://stackoverflow.com/q/24888420/372643)), the relevant system property is `https.cipherSuites`. – Bruno Jul 22 '14 at 14:40