The HttpClient.Builder.sslParameters(SSLParameters) states:
/**
* Sets an {@code SSLParameters}.
*
* <p> If this method is not invoked prior to {@linkplain #build()
* building}, then newly built clients will use a default,
* implementation specific, set of parameters.
*
* <p> Some parameters which are used internally by the HTTP Client
* implementation (such as the application protocol list) should not be
* set by callers, as they may be ignored. The contents of the given
* object are copied.
*
* @param sslParameters the SSLParameters
* @return this builder
*/
public Builder sslParameters(SSLParameters sslParameters);
One part of that states:
Some parameters which are used internally by the HTTP Client implementation (such as the application protocol list) should not be set by callers, as they may be ignored.
However, the default implementation of the HttpClient ignores some other parameters too. Some intentionally (like the SNIServerName) and some unintentionally (like the namedGroups and signatureSchemes as noticed in https://github.com/openjdk/jdk/pull/17923#issuecomment-1953873607).
The documentation of this sslParameters method can be updated to some more clarity on the usage of these parameters.
/**
* Sets an {@code SSLParameters}.
*
* <p> If this method is not invoked prior to {@linkplain #build()
* building}, then newly built clients will use a default,
* implementation specific, set of parameters.
*
* <p> Some parameters which are used internally by the HTTP Client
* implementation (such as the application protocol list) should not be
* set by callers, as they may be ignored. The contents of the given
* object are copied.
*
* @param sslParameters the SSLParameters
* @return this builder
*/
public Builder sslParameters(SSLParameters sslParameters);
One part of that states:
Some parameters which are used internally by the HTTP Client implementation (such as the application protocol list) should not be set by callers, as they may be ignored.
However, the default implementation of the HttpClient ignores some other parameters too. Some intentionally (like the SNIServerName) and some unintentionally (like the namedGroups and signatureSchemes as noticed in https://github.com/openjdk/jdk/pull/17923#issuecomment-1953873607).
The documentation of this sslParameters method can be updated to some more clarity on the usage of these parameters.
- relates to
-
JDK-8326317 HttpClient: Utils.copySSLParameters() should consider the signatureSchemes and namedGroups of the SSLParameters
-
- Open
-
-
JDK-8294170 HttpClient ignores/clobbers server names set on passed-in SSLParameters
-
- Open
-