This content has been marked as final. Show 5 replies
You can do that via system properties. See the Networking Properties page linked from the Guide to Features - Networking. You can also supply your own SSLSocketFactory which changes those parameters for sockets it creates: see the Javadoc for HttpsURLConnection.
Why do you need to change the cipher suites?
Thanks for replying. To answer your question, our customers want to be able to specify specific ciphers (or protocols - e.g. TLSv1.2) so that their client will not connect to servers which utilize "unsecure" (in customers opinion) ciphers. Our server program is not a HTTP server per-say, it uses HTTP to communicate tho.
As for the page you linked to, I maybe missing it but I do not see anything there that indicates you can specify a cipher.
I was exploring creating a socket factory but it just seemed a bit of overkill in order to set the cipher or protocol, but that sounds like the best way to go. It's unfortunate that there is no mechanism in the class to set this as there is in the SSLSocket class.
Update - Creating my own Socket Factory and setting that into the URLConnection object was the solution
Edited by: JimM on May 21, 2012 11:40 AM
Creating SSLSocketFactories and assigning to HttpsURLConnection isn't very difficult, you just need to make sure you override all of the methods properly. I suggest using NetBeans or something similar.
While custom SSLSocketFactories can create preconfigured SSLSockets, unfortunately, the HttpsURLConnection/HttpURLConnection class doesn't give you direct access to the actual underlying Socket used for the connection. The network team has enforced that architecture/limitation.
It will be interesting to see what happens with the Http Client work being done for JDK 8.