Enhanced TLS configuration #820

ianbotsf · 2023-03-10T17:07:07Z

(split from #661)

Add additional APIs to configure HTTP engine TLS context.

This may be at the common HttpClientEngineConfig level or at individual engine config level depending on what makes sense.

Possible knobs:

~~min TLS version~~ (handled in TLS Configuration #661)
CA certs (trust manager)
Cipher preferences
Certificate pinning
Host name verifier

Not every engine will support all of these or even if they do may make it difficult to map a common API to.

After these changes are made, coordinate updates to the Developer Guide to clarify how to configure TLS.

Once certificate management is available, complete the HTTP test suite to verify that TLS min versions are working correctly on local test servers with self-signed certificates (see TODO in ConnectionTest.kt).

The text was updated successfully, but these errors were encountered:

ianbotsf added the enhancement New feature or request label Mar 10, 2023

ianbotsf mentioned this issue Mar 10, 2023

TLS Configuration #661

Closed

ianbotsf mentioned this issue May 3, 2023

feat: add HTTP engine config for min TLS version #844

Merged

ianbotsf mentioned this issue Sep 5, 2023

SslSocketFactory on httpClient awslabs/aws-sdk-kotlin#1040

Closed

ianbotsf added the no-auto-closure We do not want this issue to be automatically closed. label Apr 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhanced TLS configuration #820

Enhanced TLS configuration #820

ianbotsf commented Mar 10, 2023 •

edited

Loading

Enhanced TLS configuration #820

Enhanced TLS configuration #820

Comments

ianbotsf commented Mar 10, 2023 • edited Loading

ianbotsf commented Mar 10, 2023 •

edited

Loading