Example SSL / TLS Configuration for Http Clients

[Hakky54]

Every http client will have a slightly different configuration for encryption/https and therefor as a developer we need to dive into their documentation to find examples, this will be unfortunately time-consuming. Some clients just only require SSLContext, others will need a SocketFactory, SSLSocketFactory, TrustManager, X509TrustManager, X509ExtendedTrustManager, KeyManager, X509KeyManager, X509ExtendedKeyManager, DefaultSSLParameters or a list of trusted certificates. I wanted to provide an overview of http clients configuration as a cheat-sheet to make our lives easier.

Below is an overview of client configuration examples with and without TLS/SSL enabled and with basic http requests. The examples are from the github project mutual-tls-ssl, which is a practical tutorial for configuring a client and a server for four scenarios:

• No security
• One way authentication
• Two way authentication
• Two way authentication with trusting the Certificate Authority

Example client configuration and example requests / Cheatsheet

All client examples use the same base ssl configuration created within the SSLConfig class

Java

• Apache HttpClient -> Client configuration | Example request
• Apache HttpAsyncClient -> Client configuration | Example request
• Apache 5 HttpClient -> Client configuration | Example request
• Apache 5 HttpAsyncClient -> Client configuration | Example request
• JDK HttpClient -> Client Configuration | Example request
• Old JDK HttpClient -> Client Configuration & Example request
• Netty Reactor -> Client Configuration | Example request
• Jetty Reactive HttpClient -> Client Configuration | Example request
• Spring RestTemplate -> Client Configuration | Example request
• Spring WebFlux WebClient Netty -> Client Configuration | Example request
• Spring WebFlux WebClient Jetty -> Client Configuration | Example request
• OkHttp -> Client Configuration | Example request
• Jersey Client -> Client Configuration | Example request
• Old Jersey Client -> Client Configuration | Example request
• Apache CXF JAX-RS -> Client Configuration | Example request
• Apache CXF using ConduitConfigurer -> Client Configuration | Example request
• Google HttpClient -> Client Configuration | Example request
• Unirest -> Client Configuration | Example request
• Retrofit -> Client Configuration | Example request
• Async Http Client -> Client Configuration | Example request
• Feign -> Client Configuration | Example request
• Methanol -> Client Configuration | Example request
• Vertx Webclient -> Client Configuration | Example request
• gRPC -> Client/Server Configuration & Example request
• ElasticSearch -> RestHighLevelClient Configuration & example request
• Jetty WebSocket -> Client configuration & example request

Kotlin

• Fuel -> Client Configuration & Example request
• Http4k with Apache 4 -> Client Configuration | Example request
• Http4k with Async Apache 4 -> Client Configuration | Example request
• Http4k with Apache 5 -> Client Configuration | Example request
• Http4k with Async Apache 5 -> Client Configuration | Example request
• Http4k with Java Net -> Client Configuration | Example request
• Http4k with Jetty -> Client Configuration | Example request
• Http4k with OkHttp -> Client Configuration | Example request
• Kohttp -> Client Configuration & Example request
• Ktor with Android engine -> Client Configuration | Example request
• Ktor with Apache engine -> Client Configuration | Example request
• Ktor with CIO (Coroutine-based I/O) engine -> Client Configuration | Example request
• Ktor with Java engine -> Client Configuration | Example request
• Ktor with Okhttp engine -> Client Configuration | Example request

Scala

• Twitter Finagle -> Client Configuration | Example request
• Twitter Finagle Featherbed -> Client Configuration & Example request
• Akka Http Client -> Client Configuration | Example request
• Dispatch Reboot -> Client Configuration & Example request
• ScalaJ / Simplified Http Client -> Client Configuration & Example request
• Sttp -> Client Configuration & Example request
• Requests-Scala -> Client Configuration & Example request
• Http4s Blaze Client -> Client Configuration | Example request
• Http4s Java Net Client -> Client Configuration | Example request

Feel free to ask for other client examples here

[skarzhevskyy]

Do you think adding example using Apache CXF will add value to this already impressive list ?
https://cxf.apache.org/docs/jax-rs-client-api.html and the same for https://cxf.apache.org/docs/dynamic-clients.html
can be achieved in CXF by adding HTTPConduitConfigurer and using already documented methods
minimalistic code example

 @Override
    public void configure(String name, String address, HTTPConduit httpConduit) {
       TLSClientParameters tls = httpConduit.getTlsClientParameters();
        if (tls == null) {       tls = new TLSClientParameters();       }
        SSLFactory sslFactory = ....;
        tls.setTrustManagers(new TrustManager[] { sslFactory.getTrustManager().get() });
        tls.setHostnameVerifier(sslFactory.getHostnameVerifier());
        httpConduit.setTlsClientParameters(tls);
    }

[Hakky54]

Hi Vlad, @skarzhevskyy

Thank you for your suggestion for these two http clients. I think it will definitely add value to the list. The https://cxf.apache.org/docs/jax-rs-client-api.html looks however identical to the jersey client, see here for the example configuration and example request: Client Configuration | Example request What do you think?

Regarding the other client, https://cxf.apache.org/docs/dynamic-clients.html, feel free to open a pull request here: https://github.com/Hakky54/mutual-tls-ssl if you want to contribute or else I will try to add it 😄

[Hakky54]

I updated the list with Apache Jax-RS and Apache WebClient configuration. Thank you for the PR Vlad!