Is RestTemplate by default https enabled

Question

If using simply the default RestTemplate (by using just new RestTemplate()) and pass it with an url with https, does that mean the connection is using TLS ?

TestRequest request = getTestRequest();

RestTemplate r = new RestTemplate();
String url = "https://FQDN/path/resource";
ResponseEntity<String> resp = r.postForEntity(url, request, String.class);

System.out.println("resp - " + resp.getBody());

I have tried with something like below and the call is successful. Actually, if I change the url to http, the call doesn't work. However, I got confused after getting to learn from somewhere that to use https, it would have to use something like secured RestTemplate (and set some TLS config setting). But from my testing, it seem like by using the default RestTemplate (and pass it with an https url), it would already work.

Answer 1

Yes, RestTemplate can connect to HTTPS endpoints out of the box. If you need mTLS where the client also authenticates itself, you need to configure it.

Answer 2

By default the Rest Template is not https enabled. You need to explicitly do the configurations. It might be working in your case due to server configurations. The server has a property called server.ssl.client-auth:need . If it is set to "want" then it is not mandatory for client to present a certificate to server to validate its identity. Server will skip validation if client is not presenting certificate to it whereas in case of need the client need to present it's certificate to server.