Hello 👋 . I am currently using Ktor in an android context. My use case is to communicate to a server with SSL certificate authentication. I have this part set up in my

OkHttpClient

using a custom

SSLSocketFactory

that handles all the certificates and private keys. However, one thing i need to support now, is adding an

ALPN

“protocol name”. Is there a way i can configure my client to specify the “ALPN protocol name”

Not using clean public API. OkHttp sets this without making it configurable.

thanks for the hints, i’ll try this out in a few days and get back to you if i have encounter any issues

Do you need a custom name? Or just HTTP/2?

That’s super bad

I think MQTT uses websockets because it is publisher/subscriber architecture. In my case I'll be using http (ALPN x-amzn-http-ca HTTP)

Yeah, I guess it’s new to me to advertise something other than the standard HTTP transports with OkHttp

If a custom sslSocketFactory is needed anyway. Then maybe the suggestion about disabling supportsTlsExtensions is a valid option

I think that mechanism is currently very much an implementation detail

i tried to set the

applicationProtocols

in my

sslSocketFactory

like:

sslContext._defaultSSLParameters.applicationProtocols = arrayOf_("x-amzn-http-ca")

but that seems to not have an effect. Is there a way to supply it to okhttp otherwise?

Make a repro if you can, it's hard to see if all the right pieces are in place.

Can you get a client library from Amazon? You’re best to use their weird clients with their weird servers

@yschimke here some simplified sample code where i tried your hints:

fun sampleSocketFactory(): SSLSocketFactory =
    SSLContext.getInstance("TLS").apply {
        // simplified
        val keyManagers = emptyArray<KeyManager>()
        val trustManagers = emptyArray<TrustManager>()
        init(keyManagers, trustManagers, null)
        val params = defaultSSLParameters
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            params.applicationProtocols += (arrayOf("x-amzn-http-ca"))
        }
    }.socketFactory

private val sampleOkHttpClient = HttpClient(OkHttp) {
    install(ContentNegotiation) {
        json(JsonFormat)
    }

    engine {
        config {
            connectionSpecs(
                listOf(ConnectionSpec.MODERN_TLS.apply {
                    val f = ConnectionSpec::class.java.getDeclaredField("supportsTlsExtensions")
                    f.isAccessible = true
                    f.set(this, false)
                })
            )

            sslSocketFactory(
                sampleSocketFactory(),
                // implementation removed for simplicity
                myX509TrustManager,
            )
        }
    }
}

I’d like it if you can make that work

yeah i totally understand, i’ve never encountered a need for custom protocol names until now. I’ll do some more testing on Monday and come back with the results i get

I don't think you need reflection, I was thinking more like this https://github.com/square/okhttp/pull/8081

That’s a fantastic idea and I’m on board

massive thanks @yschimke that worked flawlessly 🙌

Yep, you can check the other code paths.

Yeah that’s a fair tradeoff, i’m massively grateful for your help, at least i can make my way from here 🙌

I made one earlier today

Awesome! Thank you 🙌