Disabling SSL checking for Spring web-client

Question

The following code is what I am using to try and build a web client instance that can talk to a https server with an invalid certificate.

SslContext sslContext = SslContextBuilder
        .forClient()
        .trustManager(InsecureTrustManagerFactory.INSTANCE)
        .build();
    HttpClient httpClient = HttpClient
        .create()
        .secure(sslContextSpec -> sslContextSpec.sslContext(sslContext));
    ClientHttpConnector connector = new ReactorClientHttpConnector(httpClient);
    WebClient client = WebClient
        .builder()
        .clientConnector(connector)
        // ... 
        .build();

The purpose of this is to make the web client not check the ssl however when ran the JVM crashes with an error "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure". Could someone please point me into the right direction as previous SO posts dont seem to fix the problem and lead to the same handshake error.

Are you sure the certificate is the problem? The error message could mean other things as well. — Henry, Jun 30 '20 at 04:37

score 3 · Answer 1 · answered Jun 30 '20 at 17:22

Just in case anyone gets this error with their spring webclient, the solution that ended up working for me was adding protocols and ciphers into the SSLcontext.

Iterable<String> allowedCiphers = List.of("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");

    SslContext sslContext = SslContextBuilder
        .forClient()
        .protocols("SSLv3","TLSv1","TLSv1.1","TLSv1.2")
        .ciphers(allowedCiphers)
        .trustManager(InsecureTrustManagerFactory.INSTANCE)
        .build();

You ended my hour-long misery! Thx! – Jan Gassen Feb 17 '22 at 14:44 — Jan Gassen, Feb 17 '22 at 14:44

Disabling SSL checking for Spring web-client

1 Answers1