Expose TLS protocol version setting when creating SSLContext?

Open claj opened this issue 5 months ago • 2 comments

When comparing a reference implementation of an API integration in Java for porting it to Clojure and using hato, there are some settings that cannot be set through the ->SSLContext function, namely the TLS version (defaults to "TLS" in hato, I would like to be able to set it to "TLSv1.2" in this particular case).

Would it be welcome to add an optional key named :protocol in the hato.client/->SSLContext function, and specify in the documentation that this optional key means the version of the TLS protocol and defaults to "TLS"?

claj, Feb 06 '24 15:02

Hi, thanks for your interest. I don't mind a PR for this. Please include a test and readme.

For completeness just noting some options:

  • You can also adjust it via java opts (jdk.tls.client.protocols and related) though that has broader impact.
  • You can also pass in a manually constructed SslContext, but that is less convenient.
  • Trying to set the protocol in the SslContext (via getInstance) seems to also have nuances (e.g. setting it to "TLSv1.2" will not prevent other TLS versions). But if passing in a manually constructed SslContext with the protocol set makes it work for you, then supporting this option should be fine.

gnarroway, Feb 07 '24 03:02
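
The nuance in the last bullet above can be checked directly on a given JVM. The following is an added example, not part of the thread and not hato's code: it uses only JDK interop to list what a context created with `getInstance` actually enables, and restricts the protocol list explicitly through `SSLParameters` on a `java.net.http.HttpClient`. The namespace and function names are hypothetical.

```clojure
;; Added example (not hato's code): JDK interop only.
;; Namespace and function names are hypothetical.
(ns example.tls-pin
  (:import (javax.net.ssl SSLContext SSLParameters)
           (java.net.http HttpClient)))

(defn new-context
  "SSLContext for `protocol`, using the JVM default key and trust managers."
  ^SSLContext [^String protocol]
  (doto (SSLContext/getInstance protocol)
    (.init nil nil nil)))

(defn enabled-client-protocols
  "Protocol versions a client-mode SSLEngine created from `ctx` offers by default."
  [^SSLContext ctx]
  (let [engine (doto (.createSSLEngine ctx)
                 (.setUseClientMode true))]
    (vec (.getEnabledProtocols engine))))

(defn pinned-parameters
  "The context's default SSLParameters, restricted to exactly `protocols`."
  ^SSLParameters [^SSLContext ctx protocols]
  (doto (.getDefaultSSLParameters ctx)
    (.setProtocols (into-array String protocols))))

(defn pinned-http-client
  "HttpClient that uses `ctx` and offers only `protocols` during the handshake."
  ^HttpClient [^SSLContext ctx protocols]
  (-> (HttpClient/newBuilder)
      (.sslContext ctx)
      (.sslParameters (pinned-parameters ctx protocols))
      (.build)))

;; The printed lists depend on the JDK version and on the
;; jdk.tls.disabledAlgorithms security property, so none are hard-coded here.
(doseq [p ["TLS" "TLSv1.2"]]
  (println (format "getInstance(%s) enables:" (pr-str p))
           (enabled-client-protocols (new-context p))))

;; Only the explicit protocol list on SSLParameters states the intent exactly.
(let [client (pinned-http-client (new-context "TLS") ["TLSv1.2"])]
  (println "pinned client offers:"
           (vec (.getProtocols (.sslParameters client)))))
```

Comparing the first two printed lists with the third shows whether the `getInstance` argument alone is enough on the JVM in use, or whether the protocol list has to be set explicitly.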

I'm still on this, but have been busy with other things. There will be at least two weeks more until I'm done.

claj, Feb 26 '24 15:02