This discussion is archived
2 Replies Latest reply: Jan 15, 2008 2:07 AM by 807603 RSS

How to disable the verbose mode in HTTPS ?

807603 Newbie
Currently Being Moderated
Hello Everybody,

I'd like to know how I can make an https connection in which the text of the transaction with the distant server doesn't show in the console

here is my code :
URL rawURL = new URL(url);
if(rawURL.getProtocol().startsWith("https"))
{
     System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
     System.setProperty("javax.net.debug","ssl,handshake,data,trustmanager");
     Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

     TrustManager[] trustAllCerts = new TrustManager[]{
     new X509TrustManager()
     {
          public void checkClientTrusted(X509Certificate[] chain, String authType) {}

          public void checkServerTrusted(X509Certificate[] chain, String authType) {}

          public X509Certificate[] getAcceptedIssuers() {
               return null;
          }
     }};
     HostnameVerifier hv = new HostnameVerifier()
     {
                     public boolean verify(String urlHostName, SSLSession session)
          {
                          return true;
          }
     };
     /*Initialisation de la connection*/
     try
     {
          SSLContext sc = SSLContext.getInstance("SSL");
          sc.init(null, trustAllCerts, new java.security.SecureRandom());                         HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
          HttpsURLConnection.setDefaultHostnameVerifier(hv);
          HttpsURLConnection.setFollowRedirects(false);
     }
     catch(NoSuchAlgorithmException nsae){}
     catch(KeyManagementException kme)
     {
                     kme.printStackTrace();
     }

     /* creation de la connection */
     urlCon = ((HttpsURLConnection)rawURL.openConnection());
}

urlCon.setInstanceFollowRedirects(true);
urlCon.setReadTimeout(12000);
urlCon.setConnectTimeout(7000);
urlCon.addRequestProperty("User-Agent","Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20050922 Firefox/1.0.7 (Debian package 1.0.7-1)");
urlCon.addRequestProperty("Host",urlCon.getURL().getHost());
urlCon.addRequestProperty("Accept-Language", "fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3");
                    
switch (urlCon.getResponseCode())
{

...

}
Thank's !
  • 1. Re: How to disable the verbose mode in HTTPS ?
    EJP Guru
    Currently Being Moderated
         System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
    You don't need that unless you're running 1.3 or earlier.
         System.setProperty("javax.net.debug","ssl,handshake,data,trustmanager");
    You don't need that unless you want verbose mode.
         Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    You don't need that unless you're running 1.3 or earlier.
         TrustManager[] trustAllCerts = new TrustManager[]{
    You don't need this thing at all unless you like (a) code that doesn't implement its specification correctly and (b) insecure code. If your truststore doesn't trust the server certificate, that's the server's problem. Get them to fix it, by getting their certificate signed by a recognized CA.
         HostnameVerifier hv = new HostnameVerifier()
    Much the same remarks. This piece of code is insecure and it just addresses a problem with the server certificate. Get the problem fixed.

    Otherwise in both cases you may as well not be using HTTPS at all - there is no security.
         catch(NoSuchAlgorithmException nsae){}
    Never ignore an exception.
    urlCon.setInstanceFollowRedirects(true);
    If you have that you don't need the global setFollowRedirects call above, so you should remove it.
  • 2. Re: How to disable the verbose mode in HTTPS ?
    807603 Newbie
    Currently Being Moderated
    Thank's