Antoine

Reputation: 133

Disable SSL security in akka http client

I have to make HTTPS calls to an API that appears not to have a validated SSL certificate. I would still like to make calls to the API using the Http().singleRequest method of akka-http.

When I make a call, I however get the following error:

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

When I make a call with curl, I get

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it.

The calls with curl however work if I add the flag --insecure.

In akka-http, I tried the following:

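    import akka.http.scaladsl.Http
    import akka.http.scaladsl.model.{HttpMethods, HttpProtocols, HttpRequest, Uri}
    import com.typesafe.sslconfig.akka.AkkaSSLConfig

    // Requires an implicit ActorSystem in scope.
    // Loosens every check that the "loose" ssl-config settings expose.
    val badSslConfig = AkkaSSLConfig().mapSettings(
      s => s.withLoose(
        s.loose
          .withAcceptAnyCertificate(true)
          .withAllowLegacyHelloMessages(Some(true))
          .withAllowUnsafeRenegotiation(Some(true))
          .withAllowWeakCiphers(true)
          .withAllowWeakProtocols(true)
          .withDisableHostnameVerification(true)
          .withDisableSNI(true)
      )
    )
    val badCtx = Http().createClientHttpsContext(badSslConfig)

    Http()
      .singleRequest(
        HttpRequest(
          HttpMethods.POST,
          uri = Uri("https://..."),
          protocol = HttpProtocols.`HTTP/1.1`
        ),
        connectionContext = badCtx
      )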

but I still get the same error.

What should I do to fix the issue?

PS: I understand (given the many warnings in akka-http docs) that it is something that I shouldn't do in production but I'd like this workaround to work for now...

Upvotes: 3

Views: 3149

Answers (1)

kstrek

Reputation: 106

I had a similar problem some time ago and as far as I remember it had to do with this issue. The workaround for that problem is to have your own implementation of SSLContext that will accept just anything. The implementation is pretty straightforward and the example can be found in the last comment of the issue linked above.

Upvotes: 3
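Added example (not from the answer or the linked issue): a custom SSLContext, as the answer suggests, but one that trusts only the API's own certificate instead of accepting anything, so the handshake succeeds while every other certificate is still rejected. It assumes the server certificate (or its issuing CA) has been exported to a file and that the certificate matches the host name; `PinnedCertClient`, `sslContextTrusting`, `post` and `certPath` are hypothetical names, and `ConnectionContext.https` is the akka-http 10.0/10.1 API (deprecated in later releases).

```scala
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.CertificateFactory
import javax.net.ssl.{SSLContext, TrustManagerFactory}

import akka.actor.ActorSystem
import akka.http.scaladsl.{ConnectionContext, Http}
import akka.http.scaladsl.model.{HttpMethods, HttpRequest, HttpResponse, Uri}
import akka.stream.Materializer
import scala.concurrent.Future

object PinnedCertClient { // hypothetical name

  // SSLContext whose only trust anchors are the certificates in certPath (PEM or DER).
  def sslContextTrusting(certPath: String): SSLContext = {
    val in = new FileInputStream(certPath)
    val certs =
      try CertificateFactory.getInstance("X.509").generateCertificates(in)
      finally in.close()
    require(!certs.isEmpty, s"no certificate found in $certPath")

    val trustStore = KeyStore.getInstance(KeyStore.getDefaultType)
    trustStore.load(null, null) // start from an empty in-memory store
    val it = certs.iterator()
    var i = 0
    while (it.hasNext) {
      trustStore.setCertificateEntry(s"api-$i", it.next())
      i += 1
    }

    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
    tmf.init(trustStore)
    val ctx = SSLContext.getInstance("TLS")
    ctx.init(null, tmf.getTrustManagers, null) // no client key, default SecureRandom
    ctx
  }

  // Same POST as in the question, but with the pinned context instead of the loose one.
  def post(uri: String, certPath: String)(
      implicit system: ActorSystem, mat: Materializer): Future[HttpResponse] = {
    val pinnedCtx = ConnectionContext.https(sslContextTrusting(certPath))
    Http().singleRequest(HttpRequest(HttpMethods.POST, uri = Uri(uri)), connectionContext = pinnedCtx)
  }
}
```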
