From 6c3f95b62d38d250dc3fbb161e9de43271da07b6 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 18 Oct 2022 15:12:09 +0200
Subject: [client] Test for TLSv1.3 availability before using it with apache-http

Unfortunately, adding a TLS version to the list of supported versions that is not supported by the currently running JVM will make the apache http client bail out immediately with an exception, instead of trying the remaining TLS versions from that list.
---
 .../org/openslx/dozmod/util/ProxyConfigurator.java | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
(limited to 'dozentenmodul')
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
index a6dede1c..035d310b 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
@@ -7,6 +7,8 @@ import java.net.Socket;
 import java.text.MessageFormat;
 import java.util.concurrent.atomic.AtomicReference;
+import javax.net.ssl.SSLContext;
+
 import org.apache.hc.client5.http.HttpRoute;
 import org.apache.hc.client5.http.classic.methods.HttpGet;
 import org.apache.hc.client5.http.config.ConnectionConfig;
@@ -57,11 +59,25 @@ public class ProxyConfigurator {
 private static AtomicReference apacheClient = new AtomicReference<>();
- private static final TLS[] SUPPORTED_TLS_VERSIONS = { TLS.V_1_3, TLS.V_1_2, TLS.V_1_1 };
+ private static final TLS[] SUPPORTED_TLS_VERSIONS;
 private static final Timeout TIMEOUT_CONNECT = Timeout.ofSeconds(8);
 private static final Timeout TIMEOUT_SOCKET = Timeout.ofSeconds(8);
 private static final Timeout TIMEOUT_REQUEST = Timeout.ofSeconds(3);
+
+ static {
+ boolean ok = false;
+ try {
+ SSLContext.getInstance("TLSv1.3");
+ ok = true;
+ } catch (Exception e) {
+ }
+ if (ok) {
+ SUPPORTED_TLS_VERSIONS = new TLS[] { TLS.V_1_3, TLS.V_1_2, TLS.V_1_1 };
+ } else {
+ SUPPORTED_TLS_VERSIONS = new TLS[] { TLS.V_1_2, TLS.V_1_1 };
+ }
+ }
 /**
 * Initialization method.
-- 
cgit v1.2.3-55-g7522
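Review bot: Both branches of the new static initializer still put `TLS.V_1_1` in `SUPPORTED_TLS_VERSIONS`, so the client keeps offering TLS 1.1, which RFC 8996 deprecates; unless a server this client must reach is known to need it, the arrays could be `new TLS[] { TLS.V_1_3, TLS.V_1_2 }` and `new TLS[] { TLS.V_1_2 }`. The probe's `catch (Exception e) { }` is empty, so a JVM without TLS 1.3 falls back silently; catching only `java.security.NoSuchAlgorithmException` and logging the fallback once would make the reduced protocol set visible when diagnosing connection problems. `SSLContext.getInstance("TLSv1.3")` tests whether a provider registers that context name, which presumably tracks but is not identical to the protocols the sockets will accept; checking `SSLContext.getDefault().getSupportedSSLParameters().getProtocols()` for `"TLSv1.3"` would test the list directly. The static block is complete in this hunk, while the class itself continues outside it.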