4 Replies Latest reply on Oct 2, 2015 8:28 AM by tnzeibig

    HttpURLConnection

    tnzeibig

      My basic question.

       

      I've got JBoss 5.1 and JDK 1.6, which does not support TLSv1.2 or 1.1.

      The code does a HttpURLConnection to a remote payment gateway - but is being refused due to TLS1.0.

      Is it possible to send this HttpURLConnection through an Apache reverse proxy, and have Apache re-write it to TLSv1.2?

       

      Note: I've got the Apache proxy working with the AJP connection, except for this HttpURLConnection - it seems the proxy is just passing the connection on, and still being refused by the gateway.

       

      Any thoughts on this? 

        • 1. Re: HttpURLConnection
          ctomc

          TLSv1.2 was added in JDK7...

          • 2. Re: HttpURLConnection
            tnzeibig

            True. The Apache proxy needs to run on a later version of Java. I'm trying to find a way to have the Apache proxy re-write the 'Connect' to HTTPS TLSv1.2 to avoid a JBoss update. (JBoss 5.1 won't run on JDK7 as I understand.)

            • 3. Re: HttpURLConnection
              tnzeibig

              So my understanding of this so far:

              1. Java creates a connection object, using TLS1.0 because it's the only protocol available in Java 1.6.

              2. Java issues a HttpURLConnection.openConnection(proxy) request through the proxy - this is a request for a tunnel.

              3. Apache opens the CONNECT and creates the tunnel to the requested server. No handshake really.

              4. Control is passed back to Java to do the handshakes and data transfer, using the Java TLS 1.0 connection object created earlier.

              My only goal was to get the handshake and protocols to be negotiated by Apache, but unless someone has another idea, I'm starting to think this is not possible - outside of upgrading to Java 7 (which causes other issues).
               
              Thoughts anyone?

              • 4. Re: HttpURLConnection
                tnzeibig

                Update: Per a suggestion from another forum, I've got this to work.

                 

                My thinking on this was backward. I removed all the proxy code from Java, and put in a dummy URL for Java to call:

                 

                http://whatever:8080

                 

                In Apache, on virtual host 8080, I added three lines:

                SSLProxyEngine On

                ProxyPass /whatever https://actualHost/...

                ProxyPassReverse /whatever https://actualHost/...

                 

                and it works.
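
A fuller version of the virtual host described in reply 4, as an added example that is not part of the original thread: it pins the outbound leg to TLS 1.2, validates the gateway's certificate, and keeps the plain-HTTP listener on loopback because the hop from the Java application to Apache is unencrypted. Assumptions: Apache httpd 2.4.5 or later with mod_ssl, mod_proxy and mod_proxy_http loaded, running on the same host as JBoss; `gateway.example.invalid` and the CA bundle path are placeholders.

```apache
# Added example, not from the thread. gateway.example.invalid and
# /path/to/ca-bundle.pem are placeholders to be replaced.

# Loopback only: the application-to-Apache hop is plain HTTP and carries
# payment data, so it must not be reachable from other hosts.
Listen 127.0.0.1:8080

<VirtualHost 127.0.0.1:8080>
    ServerName whatever

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Apache is the TLS client for the outbound connection.
    SSLProxyEngine On

    # Offer TLS 1.2 only on the outbound leg.
    SSLProxyProtocol -all +TLSv1.2

    # Verify the gateway's certificate chain, hostname and expiry.
    # Without these, the proxy would accept any certificate.
    SSLProxyVerify require
    SSLProxyVerifyDepth 3
    SSLProxyCACertificateFile /path/to/ca-bundle.pem
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Same mapping as in the thread, with a placeholder backend.
    ProxyPass        /whatever/ https://gateway.example.invalid/
    ProxyPassReverse /whatever/ https://gateway.example.invalid/
</VirtualHost>
```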