How can I change the TLS extensions being used in Java HttpClient (SSLContext)

Asked Aug 27 '20 at 03:35

Active Sep 30 '20 at 09:15

Viewed 273 times

I am wondering how to change which TLS extensions are to be used in Java by editing the SSLSockets or by another means.

This is how I am currently initializing my SSL using Conscrypt

Conscrypt.setUseEngineSocketByDefault(true);
Security.insertProviderAt(new OpenSSLProvider(), 1);
SSLContext sslContext = SSLContext.getInstance("TLSv1.3", Conscrypt.newProvider());

String [] ciphers = {
       "..."
};
sslContext.init(null, null, new SecureRandom());
sslContext.createSSLEngine().setEnabledCipherSuites(ciphers);

asked Aug 27 '20 at 03:35

BayanR

It's up to whatever the SSL provider implements, but you can mess around with the `SSLParameters` of the `SSLContext`, and its algorithms, etc. – user207421 Aug 27 '20 at 03:54
@MarquisofLorne Yes I see normally I can do something like Security.setProperty("jdk.tls.namedGroups", "secp521r1"); but it is overwritten by Conscrypt. – BayanR Aug 27 '20 at 04:34

How can I change the TLS extensions being used in Java HttpClient (SSLContext)

0 Answers0