
HttpURLConnection Thru Proxy using JDK6 and TLS1.2

 
Tom Zeibig
Greenhorn
Posts: 2

I've been working on this problem for a week now, and I'm hoping someone has a workaround or other advice.

The requirement is to use TLSv1.1 and TLSv1.2 to do an HTTPS POST Connect from our JBOSS (5.1) application, BUT I'm running JDK 1.6, which does not support TLSv1.2.

Originally I hoped to send this HttpURLConnection thru an Apache reverse proxy, and have Apache re-write it to TLSv1.2? That doesn't seem to be how it works.
I got the proxy working for JBOSS using TLS1.2 for everything, except the post connection continues to talk TLS1.0.

What I discovered is:

1. Java HttpURLConnection creates a connection object, using TLS1.0 because it's the only protocol available in Java 1.6.

2. Java issues a HttpURLConnection.openConnection(proxy) request thru the proxy.

3. Apache opens the CONNECT and creates the TUNNEL to the requested server. No handshake or protocol agreement.

4. Control is passed back to Java, which tries to do the handshakes and data transfer, using the Java TLS 1.0 connection object created earlier, but gets refused due to TLS1.0.

My only goal was to get the handshake and protocols to be negotiated by Apache, but unless someone has another idea, I'm starting to think this is not possible - outside of upgrading to Java 7 (which causes other issues).



### the Java connection ###############
URL post = new URL( "https", getHostAddress(), getHostPort(), "/somegateway/xyz.dll" );
HttpURLConnection postConn;
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1",80));
postConn = (HttpURLConnection)post.openConnection(proxy);
postConn.setRequestMethod( "POST" );
postConn.setDoOutput( true );
BufferedReader in = new BufferedReader( new InputStreamReader( postConn.getInputStream() ) );


Any thoughts on this? Thanks in Advance!

Tom Z
 
A.J. Côté
Ranch Hand
Posts: 417
Hello,

It sounds like you are trying to use Apache as a forward-proxy.

I would try configuring Apache as a reverse-proxy, then I would forward a dummy URL to the real server URL and simply connect to the reverse proxy using plain http, although it should also work using https.

So jboss -> http://127.0.0.1/whatever -> apache reverse-proxy -> https://realserver/whatever

You would remove all proxy knowledge from your Java code. That's what reverse proxies do: your Java code doesn't need to have any knowledge of a proxy's existence. Your current Java code looks like you are trying to use Apache as if it were a forward-proxy.

Hope this helps.
 
A.J. Côté
Ranch Hand
Posts: 417
ProxyPass /whatever https://realserver/whatever
ProxyPassReverse /whatever https://realserver/whatever
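
A fuller version of the reverse-proxy setup from the answer above, as an added example that is not part of the original posts: it adds the mod_ssl directives Apache needs to speak TLS to the backend, limits that leg to TLSv1.1/TLSv1.2, and turns on certificate verification, since Apache rather than the Java 6 client now authenticates the remote server. Apache 2.4.5 or later with mod_proxy, mod_proxy_http and mod_ssl, the loopback listener and the CA bundle path are assumptions; `realserver` and `/whatever` are the placeholders used in the thread.

```apache
# Added example (not from the thread). Assumes Apache 2.4.5+ with mod_proxy,
# mod_proxy_http and mod_ssl loaded, built against OpenSSL 1.0.1 or later.

# Listen on loopback only: the JBoss -> Apache hop is plain HTTP, so it
# must not be reachable from other hosts.
Listen 127.0.0.1:80

<VirtualHost 127.0.0.1:80>
    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Let Apache originate TLS to the backend and restrict the versions
    # it may negotiate to the ones the requirement names.
    SSLProxyEngine On
    SSLProxyProtocol -all +TLSv1.1 +TLSv1.2

    # Apache now performs the server authentication the Java client used
    # to do, so the certificate checks have to be enabled here.
    SSLProxyVerify require
    SSLProxyVerifyDepth 3
    # Assumed path: CA bundle containing the issuer of realserver's cert.
    SSLProxyCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # The mapping from the answer above.
    ProxyPass        /whatever https://realserver/whatever
    ProxyPassReverse /whatever https://realserver/whatever

    # Only local processes (the JBoss instance) may use the mapping.
    <Location "/whatever">
        Require local
    </Location>
</VirtualHost>
```

With this in place the Java side opens `http://127.0.0.1/whatever` with a plain `openConnection()` and no `Proxy` object, as the answer describes.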
 
Jesper de Jong
Java Cowboy
Sheriff
Posts: 16049
Welcome to the Ranch.

Java 6 indeed does not support TLSv1.2.

At the client I'm currently working for, we've recently upgraded from Java 6 to Java 7, and one of the main reasons to do so was because we needed TLSv1.2 support.

It might be easier to upgrade the Java version than to try all kinds of complicated setups to get it working. Java 6 (and even Java 7) have already been end-of-life for a while (Oracle does not provide any bug fixes and security updates anymore, unless you pay them), so it would be best to upgrade to Java 8, the currently supported Java version.
 
Tom Zeibig
Greenhorn
Posts: 2
A.J.Cote, Thank You! That worked!