CODEWITHSUNDEEP
javaspring-bootrestspring-webclient
B Shannon
B Shannon

Reputation: 81

Disabling SSL checking for Spring web-client

The following code is what I am using to try and build a web client instance that can talk to a https server with an invalid certificate.

SslContext sslContext = SslContextBuilder
        .forClient()
        .trustManager(InsecureTrustManagerFactory.INSTANCE)
        .build();
    HttpClient httpClient = HttpClient
        .create()
        .secure(sslContextSpec -> sslContextSpec.sslContext(sslContext));
    ClientHttpConnector connector = new ReactorClientHttpConnector(httpClient);
    WebClient client = WebClient
        .builder()
        .clientConnector(connector)
        // ... 
        .build();

The purpose of this is to make the web client not check the ssl however when ran the JVM crashes with an error "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure". Could someone please point me into the right direction as previous SO posts dont seem to fix the problem and lead to the same handshake error.

Upvotes: 3

Views: 5031

Answers (1)

B Shannon
B Shannon

Reputation: 81

Just in case anyone gets this error with their spring webclient, the solution that ended up working for me was adding protocols and ciphers into the SSLcontext.

Iterable<String> allowedCiphers = List.of("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");

    SslContext sslContext = SslContextBuilder
        .forClient()
        .protocols("SSLv3","TLSv1","TLSv1.1","TLSv1.2")
        .ciphers(allowedCiphers)
        .trustManager(InsecureTrustManagerFactory.INSTANCE)
        .build();

Upvotes: 5

Related Questions