Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does ews-java-api support TLS 1.2? #580

Open
xsun12 opened this issue Dec 1, 2016 · 2 comments
Open

Does ews-java-api support TLS 1.2? #580

xsun12 opened this issue Dec 1, 2016 · 2 comments

Comments

@xsun12
Copy link

xsun12 commented Dec 1, 2016

No description provided.

@pheenomenon
Copy link
Contributor

looked at the method inside ExchangeServiceBase.java, it does not seem to use System properties to read the JVM parameters while initializing.
Also, the HttpClientBuilder.build() method inside httpclient-4.4.1.jar has a check to read "-Dhttps.protocol" only when ConnectionManager is null.

From what I can tell it ews-java-api does not support TLSv1.2, even if passed in JVM parameters.
Wondering if experts can comment more. @serious6

private void initializeHttpClient() {
Registry registry = createConnectionSocketFactoryRegistry();
HttpClientConnectionManager httpConnectionManager = new BasicHttpClientConnectionManager(registry);
AuthenticationStrategy authStrategy = new CookieProcessingTargetAuthenticationStrategy();

httpClient = HttpClients.custom()
  .setConnectionManager(httpConnectionManager)
  .setTargetAuthenticationStrategy(authStrategy)
  .build();

}

@pheenomenon
Copy link
Contributor

@vbauer Vladislav wondering what your thoughts are on the approach to provide a fix. Few options are:
1] stop setting ConnectionManager and set useSystemProperties() while building HttpClients, in which case HttpClientBuilder will invoke the code to read systemProperties.
reuseStrategyCopy = new SSLConnectionSocketFactory((SSLSocketFactory)SSLSocketFactory.getDefault(), keepAliveStrategyCopy, targetAuthStrategyCopy, (HostnameVerifier)proxyAuthStrategyCopy);

2] Another approach is to update EwsSSLProtocolSocketFactory build to as follows.
`public static EwsSSLProtocolSocketFactory build(
TrustManager trustManager, HostnameVerifier hostnameVerifier
) throws GeneralSecurityException {
SSLContext sslContext = createSslContext(trustManager);

//start
String[] keepAliveStrategyCopy = split(System.getProperty("https.protocols"));
String[] targetAuthStrategyCopy = split(System.getProperty("https.cipherSuites"));
System.out.println("https.cipherSuites : " + keepAliveStrategyCopy + targetAuthStrategyCopy );
//end
if(null != keepAliveStrategyCopy) {
  return new EwsSSLProtocolSocketFactory(sslContext,keepAliveStrategyCopy,targetAuthStrategyCopy, hostnameVerifier);
} else {
  return new EwsSSLProtocolSocketFactory(sslContext, hostnameVerifier);
}

}`

pheenomenon pushed a commit to pheenomenon/ews-java-api that referenced this issue Aug 18, 2017
issue OfficeDev#580: support for configured TLS and cipherSuites
c628803
pheenomenon pushed a commit to pheenomenon/ews-java-api that referenced this issue Aug 18, 2017
issue OfficeDev#580: support for configured TLS and cipherSuites : or…
6da1742 
…ganizing imports
pheenomenon pushed a commit to pheenomenon/ews-java-api that referenced this issue Aug 18, 2017
issue OfficeDev#580: support for configured TLS and cipherSuites : or…
1a86b45 
…ganizing javadocs
@pheenomenon pheenomenon mentioned this issue Aug 18, 2017
Open
pheenomenon pushed a commit to pheenomenon/ews-java-api that referenced this issue Aug 22, 2017
issue OfficeDev#580: support for configured TLS and cipherSuites : or…
97461d9 
…ganizing variable initializers
@pheenomenon pheenomenon mentioned this issue Aug 23, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xsun12 @pheenomenon