diff --git a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/http/conn/ClientSSLSetupHandler.java b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/http/conn/ClientSSLSetupHandler.java
index 7b70948166..1577db8e59 100644
--- a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/http/conn/ClientSSLSetupHandler.java
+++ b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/http/conn/ClientSSLSetupHandler.java
@@ -39,6 +39,9 @@ public class ClientSSLSetupHandler implements SSLSetupHandler {
"localhost",
"localhost.localdomain"};
+ /** Enabled SSL handshake protocols (e.g. SSLv3, TLSv1) */
+ private String[] httpsProtocols;
+
static {
Arrays.sort(LOCALHOSTS);
}
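Review bot: The Javadoc example on the new `httpsProtocols` field names SSLv3 and TLSv1, both deprecated (SSLv3 by RFC 7568, TLSv1 by RFC 8996), so the comment reads as a recommendation an operator may copy into the transport configuration. The comment also does not say what an unset value means, although `initalize` leaves the engine untouched when the field is null. Suggested wording: `/** Enabled TLS handshake protocols (e.g. TLSv1.2); null keeps the JSSE defaults */`. The class body continues outside this hunk.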
@@ -138,6 +141,13 @@ public ClientSSLSetupHandler(final X509HostnameVerifier hostnameVerifier,
}
public void initalize(SSLEngine sslengine) {
+ /*
+ set handshake protocols if they are specified in transport configuration.
+ eg: TLSv1.1,TLSv1.2
+ */
+ if(null != httpsProtocols) {
+ sslengine.setEnabledProtocols(httpsProtocols);
+ }
}
public void verify(IOSession iosession, SSLSession sslsession) throws SSLException {
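Review bot: The block comment in `initalize` does not mention that `setEnabledProtocols` replaces the engine's whole enabled set rather than adding to it. Once the parameter is configured, any version not listed stays disabled, including newer versions that a later JVM upgrade would otherwise enable by default. I would state that next to the call, for example `// Replaces the engine's default protocol set; versions not listed here stay disabled, so revisit the list on JVM upgrades.` The same comment could note that a null field leaves the JSSE defaults in place.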
@@ -161,4 +171,13 @@ public void verify(IOSession iosession, SSLSession sslsession) throws SSLExcepti
}
}
+ /**
+ * Set HTTPS protocols if mentioned in axis2 configuration
+ *
+ * @param httpsProtocols Array of protocols
+ */
+ public void setHttpsProtocols(String[] httpsProtocols) {
+ this.httpsProtocols = httpsProtocols;
+ }
+
}
\ No newline at end of file
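Review bot: `setHttpsProtocols` stores the caller's array by reference in a non-final field, so a later write to that array by the caller silently changes the protocols enabled for subsequent handshakes. The handler appears to be shared across connections, since `initalize` receives each `SSLEngine`, which makes a defensive copy worthwhile: `this.httpsProtocols = httpsProtocols == null ? null : httpsProtocols.clone();`. The Javadoc could also say that passing null keeps the engine defaults and that the setter is meant to be called once, before the handler is handed to the connection factory.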
diff --git a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/config/ClientConnFactoryBuilder.java b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/config/ClientConnFactoryBuilder.java
index e6a0f1a6d5..214d947048 100644
--- a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/config/ClientConnFactoryBuilder.java
+++ b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/config/ClientConnFactoryBuilder.java
@@ -23,8 +23,10 @@
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
+import java.util.List;
import java.util.Locale;
import java.util.Map;
@@ -70,6 +72,7 @@ public ClientConnFactoryBuilder(final TransportOutDescription transportOut) {
public ClientConnFactoryBuilder parseSSL() throws AxisFault {
Parameter keyParam = transportOut.getParameter("keystore");
Parameter trustParam = transportOut.getParameter("truststore");
+ Parameter httpsProtocolsParam = transportOut.getParameter("HttpsProtocols");
OMElement ksEle = null;
OMElement tsEle = null;
@@ -125,7 +128,31 @@ public ClientConnFactoryBuilder parseSSL() throws AxisFault {
revocationVerifier = new RevocationVerificationManager(cacheSize, cacheDelay);
}
- ssl = new SSLContextDetails(sslContext, new ClientSSLSetupHandler(hostnameVerifier, revocationVerifier));
+ // Process HttpProtocols
+ OMElement httpsProtocolsEl = httpsProtocolsParam != null ? httpsProtocolsParam.getParameterElement() : null;
+ String[] httpsProtocols = null;
+ final String configuredHttpsProtocols =
+ httpsProtocolsEl != null ? httpsProtocolsEl.getText() : null;
+ if (configuredHttpsProtocols != null && configuredHttpsProtocols.trim().length() != 0) {
+ String[] configuredValues = configuredHttpsProtocols.trim().split(",");
+ List protocolList = new ArrayList(configuredValues.length);
+ for (String protocol : configuredValues) {
+ if (!protocol.trim().isEmpty()) {
+ protocolList.add(protocol.trim());
+ }
+ }
+
+ httpsProtocols = protocolList.toArray(new String[protocolList.size()]);
+ }
+
+ // Initiated separately to cater setting https protocols
+ ClientSSLSetupHandler clientSSLSetupHandler = new ClientSSLSetupHandler(hostnameVerifier, revocationVerifier);
+
+ if (null != httpsProtocols) {
+ clientSSLSetupHandler.setHttpsProtocols(httpsProtocols);
+ }
+
+ ssl = new SSLContextDetails(sslContext, clientSSLSetupHandler);
sslByHostMap = getCustomSSLContexts(transportOut);
return this;
}
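Review bot: The parsed `HttpsProtocols` value is passed to the handler without validation, so a bad setting only fails later, at handshake time, on every outbound connection. A value made only of separators such as `,` passes the `trim().length() != 0` check but yields an empty, non-null array, which `setEnabledProtocols` would apply as "no protocols". A misspelled or unsupported name makes `setEnabledProtocols` throw `IllegalArgumentException` inside `initalize`. Checking the names once here against `sslContext.getSupportedSSLParameters().getProtocols()` and raising an `AxisFault` turns both cases into a startup error. The same place is where a legacy entry such as SSLv3 could be rejected or at least logged. The list is shown as a raw `List`, possibly an extraction artefact, so the sketch below assumes `List<String>`; `parseSSL` starts outside this hunk.

```java
// … unchanged: split and trim of configuredHttpsProtocols into protocolList …
if (protocolList.isEmpty()) {
    throw new AxisFault("HttpsProtocols is configured but names no protocol");
}
List<String> supportedProtocols =
        java.util.Arrays.asList(sslContext.getSupportedSSLParameters().getProtocols());
for (String protocol : protocolList) {
    if (!supportedProtocols.contains(protocol)) {
        throw new AxisFault("Unsupported protocol in HttpsProtocols: " + protocol);
    }
}
httpsProtocols = protocolList.toArray(new String[protocolList.size()]);
// … unchanged: handler construction and setHttpsProtocols call …
```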