1

I've been testing around okhttp3 for making http2 requests, my criteria is to achieve http2 connection using jdk8 itself. I knew this can be easily achieved by upgrading to jdk 9 or using conscrypt as default provider like, 

Security.insertProviderAt(Conscrypt.newProvider(), 1);

But inserting the provider like this will affect at the application level, I just want to restrict this only to the sslSocket which uses http2 connection, all the other sockets should use default provider, I knew apache-httpclient-5 beta provide such option called custom TLSstrategy which helps to assign conscrypt as default provider only for the specific SSLSocketFactory

Kindly help

TIA

Zyber
  • 428
  • 4
  • 21

1 Answers1

0

It isn't really designed for that case, rather the assumption is that if you have Conscrypt available and registered then you are happy and willing to use it.

The OkHttp Platform is auto selected and a JVM singleton, so you can't override per client, or per connection.

You can possibly override the SSLSocketFactory for a client. However, OkHttp also requires the HTTP/1.1 is one of the acceptable protocols, and the TLS Provider will be selected before the client and server negotiate HTTP/1.1 or H2. So this may or may not work for you.

Yuri Schimke
  • 12,435
  • 3
  • 35
  • 69
  • I m using Apache httpclient-4 (for http1.1 requests) and okhttpclient(for h2 requests) so i need to override SslSocketFactories created for okhttpclient to use conscrypt as default provider and other sslSocketFactories which is used by Apache should use Java’s default security provider. For now I use **Security.insertProviderAt(Conscrypt.newProvider(), 1)** before creating and use **Security.removeProvider(“Conscrypt”)** after the socketFactory has been created which is working for now but I think there must be a proper way to do it. – Zyber Feb 15 '19 at 02:02