0

For some testing reason I need to force SSLv3 to be used by Client. SSLv3 is an accepted protocol in server. Tried to force by using SSLContextBuilder.useProtocol("SSLv3") as below:

SSLContextBuilder initiated as below: 

    SSLContextBuilder builder = SSLContexts.custom();

    SSLContext sslContext = builder.useProtocol("SSLv3").build();

    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new X509HostnameVerifier() {
        @Override
        public void verify(String host, SSLSocket ssl) throws IOException {
        }
     ....
     ....);
    return sslsf;
}

But the result in log shows handshaking always do in TLSv1:

....
....
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  
GMT: 1503650935 
bytes = { 
255, 
....
....

My understanding, client should request for the protocol that is defined whether server accept or not. In this case, I expect to see client should request to use SSLv3 not TLSv1.

Improve this question
2
  • Does it really have to be HC 4.3 and not a newer version? Commented Mar 8, 2018 at 8:57
  • Yes, I have to use HC 4.3.6. Commented Mar 8, 2018 at 10:30

1 Answer 1

Reset to default
1

That will force HC 4.3 to use SSLv3 only

SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
        SSLContext.getDefault(), new String[] {"SSLv3"}, null, SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
CloseableHttpClient httpClient = HttpClients.custom()
        .setSSLSocketFactory(sslSocketFactory)
        .build();
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

......*** ClientHello, SSLv3 ......RandomCookie: GMT: 1503744762 It works Thanks

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.