From f4d40fc3f3140fd046ed957030e9a54582bd4a67 Mon Sep 17 00:00:00 2001
From: joe <joe.boudreau@pm.me>
Date: Fri, 28 Aug 2020 14:17:32 -0400
Subject: [PATCH] [BAEL-4448] Added examples for setting TLS version in
 HttpClient

---
 .../com/baeldung/ClientTlsVersionExamples     | 73 +++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 httpclient/src/main/java/com/baeldung/ClientTlsVersionExamples

diff --git a/httpclient/src/main/java/com/baeldung/ClientTlsVersionExamples b/httpclient/src/main/java/com/baeldung/ClientTlsVersionExamples
new file mode 100644
index 0000000000..a146da4fcf
--- /dev/null
+++ b/httpclient/src/main/java/com/baeldung/ClientTlsVersionExamples
@@ -0,0 +1,73 @@
+package com.baeldung
+
+import org.apache.http.HttpEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContexts;
+import org.apache.http.util.EntityUtils;
+
+import javax.net.ssl.SSLSocket;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+
+public class ClientTlsVersionExmaples{
+
+    public static CloseableHttpClient setViaSocketFactory(){
+        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
+                SSLContexts.createDefault(),
+                new String[] {"TLSv1.2", "TLSv1.3"},
+                null,
+                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
+
+        return HttpClients.custom().setSSLSocketFactory(sslsf).build();
+    }
+
+    public static CloseableHttpClient setTlsVersionPerConnection() {
+SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(SSLContexts.createDefault()){
+
+    @Override
+    protected void prepareSocket(SSLSocket socket) {
+        String[] enabledProtocols = new String[] {"TLSv1.3"};
+
+        SocketAddress remoteAddr = socket.getRemoteSocketAddress();
+        if (remoteAddr instanceof InetSocketAddress){
+            String hostname = ((InetSocketAddress) remoteAddr).getHostName();
+            if (hostname.endsWith("internal.system.com")){
+                enabledProtocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" };
+            }
+        }
+        socket.setEnabledProtocols(enabledProtocols);
+    }
+};
+
+return HttpClients.custom().setSSLSocketFactory(sslsf).build();
+    }
+
+    // To set the TLS versions for the client, set the https.protocols system property during runtime.
+    // For example: java -Dhttps.protocols=TLSv1.1,TLSv1.2,TLSv1.3 -jar webClient.jar
+    public static CloseableHttpClient setViaSystemProperties(){
+        return HttpClients.createSystem();
+        //alternatively
+        //return HttpClients.custom().useSystemProperties().build();
+    }
+
+    public static void main(String[] args) throws Exception {
+
+        CloseableHttpClient httpClient = setTlsVersionPerConnection();
+        //HttpClient httpClient = setViaSocketFactory();
+        //HttpClient httpClient = setViaSystemProperties();
+
+        try {
+            try (CloseableHttpResponse response = httpClient.execute(new HttpGet("https://httpbin.org/"))) {
+                HttpEntity entity = response.getEntity();
+                EntityUtils.consume(entity);
+            }
+        } finally {
+            httpClient.close();
+        }
+    }
+
+}
\ No newline at end of file