Have an option for disabling HTTPS Algorithm on SSLEngine, close AsyncHttpClient#1313

Author: slandelle

client/src/main/java/org/asynchttpclient/AsyncHttpClientConfig.java

@@ -202,8 +202,6 @@ public interface AsyncHttpClientConfig {
     boolean isStrict302Handling();
 
     /**
-     * Return the maximum time in millisecond an {@link AsyncHttpClient} will keep connection in the pool, or -1 to keep connection while possible.
-     *
      * @return the maximum time in millisecond an {@link AsyncHttpClient} will keep connection in the pool, or -1 to keep connection while possible.
      */
     int getConnectionTtl();
@@ -212,6 +210,11 @@ public interface AsyncHttpClientConfig {
 
     boolean isUseInsecureTrustManager();
 
+    /**
+     * @return true to disable all HTTPS behaviors AT ONCE, such as hostname verification and SNI
+     */
+    boolean isDisableHttpsAlgorithm();
+
     /**
      * @return the array of enabled protocols
      */

client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClientConfig.java

@@ -96,6 +96,7 @@ public class DefaultAsyncHttpClientConfig implements AsyncHttpClientConfig {
     // ssl
     private final boolean useOpenSsl;
     private final boolean useInsecureTrustManager;
+    private final boolean disableHttpsAlgorithm;
     private final int handshakeTimeout;
     private final String[] enabledProtocols;
     private final String[] enabledCipherSuites;
@@ -168,6 +169,7 @@ private DefaultAsyncHttpClientConfig(//
             // ssl
             boolean useOpenSsl,//
             boolean useInsecureTrustManager,//
+            boolean disableHttpsAlgorithm,//
             int handshakeTimeout,//
             String[] enabledProtocols,//
             String[] enabledCipherSuites,//
@@ -241,6 +243,7 @@ private DefaultAsyncHttpClientConfig(//
         // ssl
         this.useOpenSsl = useOpenSsl;
         this.useInsecureTrustManager = useInsecureTrustManager;
+        this.disableHttpsAlgorithm = disableHttpsAlgorithm;
         this.handshakeTimeout = handshakeTimeout;
         this.enabledProtocols = enabledProtocols;
         this.enabledCipherSuites = enabledCipherSuites;
@@ -426,6 +429,11 @@ public boolean isUseInsecureTrustManager() {
         return useInsecureTrustManager;
     }
 
+    @Override
+    public boolean isDisableHttpsAlgorithm() {
+        return disableHttpsAlgorithm;
+    }
+
     @Override
     public int getHandshakeTimeout() {
         return handshakeTimeout;
@@ -630,6 +638,7 @@ public static class Builder {
         // ssl
         private boolean useOpenSsl = defaultUseOpenSsl();
         private boolean useInsecureTrustManager = defaultUseInsecureTrustManager();
+        private boolean disableHttpsAlgorithm = defaultDisableHttpsAlgorithm();
         private int handshakeTimeout = defaultHandshakeTimeout();
         private String[] enabledProtocols = defaultEnabledProtocols();
         private String[] enabledCipherSuites = defaultEnabledCipherSuites();
@@ -902,6 +911,11 @@ public Builder setUseInsecureTrustManager(boolean useInsecureTrustManager) {
             return this;
         }
 
+        public Builder setDisableHttpsAlgorithm(boolean disableHttpsAlgorithm) {
+            this.useInsecureTrustManager = disableHttpsAlgorithm;
+            return this;
+        }
+
         public Builder setHandshakeTimeout(int handshakeTimeout) {
             this.handshakeTimeout = handshakeTimeout;
             return this;
@@ -1124,6 +1138,7 @@ public DefaultAsyncHttpClientConfig build() {
                     keepAliveStrategy, //
                     useOpenSsl, //
                     useInsecureTrustManager, //
+                    disableHttpsAlgorithm, //
                     handshakeTimeout, //
                     enabledProtocols, //
                     enabledCipherSuites, //

client/src/main/java/org/asynchttpclient/config/AsyncHttpClientConfigDefaults.java

@@ -79,7 +79,7 @@ public static String defaultUserAgent() {
     public static String[] defaultEnabledProtocols() {
         return AsyncHttpClientConfigHelper.getAsyncHttpClientConfig().getStringArray(ASYNC_CLIENT_CONFIG_ROOT + "enabledProtocols");
     }
-    
+
     public static String[] defaultEnabledCipherSuites() {
         String[] defaultEnabledCipherSuites = AsyncHttpClientConfigHelper.getAsyncHttpClientConfig().getStringArray(ASYNC_CLIENT_CONFIG_ROOT + "enabledCipherSuites");
         Set<String> supportedCipherSuites = NettySslPackageAccessor.jdkSupportedCipherSuites();
@@ -122,6 +122,10 @@ public static boolean defaultUseInsecureTrustManager() {
         return AsyncHttpClientConfigHelper.getAsyncHttpClientConfig().getBoolean(ASYNC_CLIENT_CONFIG_ROOT + "useInsecureTrustManager");
     }
 
+    public static boolean defaultDisableHttpsAlgorithm() {
+        return AsyncHttpClientConfigHelper.getAsyncHttpClientConfig().getBoolean(ASYNC_CLIENT_CONFIG_ROOT + "disableHttpsAlgorithm");
+    }
+
     public static int defaultSslSessionCacheSize() {
         return AsyncHttpClientConfigHelper.getAsyncHttpClientConfig().getInt(ASYNC_CLIENT_CONFIG_ROOT + "sslSessionCacheSize");
     }

client/src/main/java/org/asynchttpclient/netty/ssl/SslEngineFactoryBase.java

@@ -25,9 +25,11 @@ public abstract class SslEngineFactoryBase implements SslEngineFactory {
 
     protected void configureSslEngine(SSLEngine sslEngine, AsyncHttpClientConfig config) {
         sslEngine.setUseClientMode(true);
-        SSLParameters params = sslEngine.getSSLParameters();
-        params.setEndpointIdentificationAlgorithm("HTTPS");
-        sslEngine.setSSLParameters(params);
+        if (!config.isDisableHttpsAlgorithm()) {
+            SSLParameters params = sslEngine.getSSLParameters();
+            params.setEndpointIdentificationAlgorithm("HTTPS");
+            sslEngine.setSSLParameters(params);
+        }
 
         if (isNonEmpty(config.getEnabledProtocols()))
             sslEngine.setEnabledProtocols(config.getEnabledProtocols());

client/src/main/resources/ahc-default.properties

@@ -23,6 +23,7 @@ org.asynchttpclient.disableUrlEncodingForBoundRequests=false
 org.asynchttpclient.removeQueryParamOnRedirect=true
 org.asynchttpclient.useOpenSsl=false
 org.asynchttpclient.useInsecureTrustManager=false
+org.asynchttpclient.disableHttpsAlgorithm=false
 org.asynchttpclient.sslSessionCacheSize=0
 org.asynchttpclient.sslSessionTimeout=0
 org.asynchttpclient.tcpNoDelay=true