Showing posts with label tls. Show all posts
Showing posts with label tls. Show all posts

Saturday, October 7, 2017

Java HttpsURLConnection and TLS 1.2 | Enable TLS 1.1 and 1.2 for Clients on Java 7 | Enabling TLSv1.2 with HttpsUrlConnection

You will have to create an SSLContext to set the Protocoll:

then you just have to set the SSLContext to the HttpsURLConnection:

httpsCon.setSSLSocketFactory(sc.getSocketFactory());


package com.pkm;

import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;

public class TLSRequest {
    public static void main(String[] args) throws Exception {
        HttpsURLConnection connection = (HttpsURLConnection) new URL("https://pritom.com").openConnection();
        // TLSv1 | TLSv1.1 | TLSv1.2
        SSLContext sc = SSLContext.getInstance("TLSv1");
        sc.init(null, null, new java.security.SecureRandom()); 
        connection.setSSLSocketFactory(sc.getSocketFactory());
    }
}

Thursday, April 25, 2013

cURL in PHP to access HTTPS (SSL/TLS) protected sites

The problem


From PHP, you can access the useful cURL Library (libcurl) to make requests to URLs using a variety of protocols such as HTTP, FTP, LDAP.

If you simply try to access a HTTPS (SSL or TLS-protected resource) in PHP using cURL, you’re likely to run into some difficulty. Say you have the following code: (Error handling omitted for brevity)

// Initialize session and set URL.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);

// Set so curl_exec returns the result instead of outputting it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    
// Get the response and close the channel.
$response = curl_exec($ch);
curl_close($ch);

If $url points toward an HTTPS resource, you’re likely to encounter an error like the one below:

Failed: Error Number: 60. Reason: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.

The quick fix


There are two ways to solve this problem. Firstly, we can simply configure cURL to accept any server(peer) certificate. This isn’t optimal from a security point of view, but if you’re not passing sensitive information back and forth, this is probably alright. Simply add the following line before calling curl_exec():


curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);