SSL configuration logic, extracted from Play's WS (for use in Akka et al).
Scala Java Shell
Latest commit 9cbaac4 Jan 11, 2017 @ktoso ktoso committed on GitHub Merge pull request #54 from andrewrapp/fix-withhostnameverifierclass-…

Modify withHostnameVerifierClass type to support custom hostname verification #46
Failed to load latest commit information.
documentation Fix highlighting of curl command Nov 21, 2016
project Convert docs to Paradox Nov 16, 2016
ssl-config-akka/src/main akka ssl config now easier to reconfigure Apr 8, 2016
ssl-config-core/src Modify withHostnameVerifierClass type to allow custom host name verif… Jan 10, 2017
.gitignore Initial WIP commit, does not compile yet Sep 4, 2015
.java-version removed the use of JodaTime from lib (keep in tests) Dec 18, 2015
.travis.yml move to JDK8 only Apr 7, 2016
LICENSE Initial WIP commit, does not compile yet Sep 4, 2015
build.sbt update documentation Jun 21, 2016 Convert docs to Paradox Nov 16, 2016
version.sbt next version dev Apr 8, 2016

SSL Config

Goal and purpose of this library is to make Play's WS library as well as Akka HTTP "secure by default". Sadly, while Java's security has been steadily improving some settings are still left up to the user, and certain algorithms which should never be used in a serious prodution system are still accepted by the default settings of the SSL/TLS infrastructure. These things are possible to fix, by providing specialized implementations and/or defining additional settings for the Java runtime to use – this is exactly the purpose of SSL Config.

Additional modules offer integration with Play WS (which by default utilises the Ning Async Http Client), Akka Http and any other library which may need support from this library.


The project is maintained on two branches:

  • master which requires Java 8 and is used by Akka 2.4.x.
  • release-0.1 which is Java 6 compatible (does lots of manual improvements and checks that JDK6 didn't). Currently only the legacy version of Akka Streams & Http (which is 2.0.x) uses this version.

Latest versions:

// JDK8: 
"com.typesafe" %% "ssl-config-akka" % "0.2.1"

// JDK6/7 (some features may be backported here)
"com.typesafe" %% "ssl-config-akka" % "0.1.3"

State of this project

ssl-config at this point in time is used primarily internally in Akka HTTP, and is being evolved towards being "the place" one configures all possible SSL/TLS related settings, mostly focused on the client side of things.

The project is hosted externally of either Akka or Play, in order to foster convergence and re-use of the more tricky bits of configuring TLS.

Binary compatibility is not guaranteed between versions (in the 0.x.z series) of ssl-config at this point in time. We aim to stabilise the APIs and provide a stable release eventually.


Docs are available on:

Recommended reading

An excellent series by Will Sargent about making Play's WS (from which this library originates) "secure by default":


Lightbend 2015-2016, Apache 2.0