samuel
10/27/2023, 3:38 PM
OkHttpClient using a custom SSLSocketFactory that handles all the certificates and private keys. However, one thing I need to support now is adding an ALPN “protocol name”. Is there a way I can configure my client to specify the “ALPN protocol name”?
Clients that connect on port 443 with X.509 client certificate authentication must implement the Application Layer Protocol Negotiation (ALPN) TLS extension and use the ALPN protocol name listed in the ALPN ProtocolNameList sent by the client as part of the ClientHello message.
yschimke
10/27/2023, 4:54 PM
samuel
10/27/2023, 8:45 PM
jessewilson
10/28/2023, 11:55 AM
yschimke
10/28/2023, 12:16 PM
jessewilson
10/28/2023, 12:19 PM
samuel
10/28/2023, 1:33 PM
jessewilson
10/28/2023, 2:23 PM
yschimke
10/28/2023, 2:30 PM
jessewilson
10/28/2023, 2:47 PM
samuel
10/28/2023, 4:34 PM
applicationProtocols in my sslSocketFactory like: sslContext.defaultSSLParameters.applicationProtocols = arrayOf("x-amzn-http-ca") but that seems to not have an effect. Is there a way to supply it to okhttp otherwise?
yschimke
10/28/2023, 5:58 PM
jessewilson
10/28/2023, 8:26 PM
samuel
10/29/2023, 12:25 AM
fun sampleSocketFactory(): SSLSocketFactory =
    SSLContext.getInstance("TLS").apply {
        // simplified
        val keyManagers = emptyArray<KeyManager>()
        val trustManagers = emptyArray<TrustManager>()
        init(keyManagers, trustManagers, null)
        val params = defaultSSLParameters
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            params.applicationProtocols += (arrayOf("x-amzn-http-ca"))
        }
    }.socketFactory

private val sampleOkHttpClient = HttpClient(OkHttp) {
    install(ContentNegotiation) {
        json(JsonFormat)
    }
    engine {
        config {
            connectionSpecs(
                listOf(ConnectionSpec.MODERN_TLS.apply {
                    val f = ConnectionSpec::class.java.getDeclaredField("supportsTlsExtensions")
                    f.isAccessible = true
                    f.set(this, false)
                })
            )
            sslSocketFactory(
                sampleSocketFactory(),
                // implementation removed for simplicity
                myX509TrustManager,
            )
        }
    }
}
jessewilson
10/29/2023, 12:53 AM
samuel
10/29/2023, 2:45 AM
yschimke
10/29/2023, 11:21 AM
jessewilson
10/29/2023, 12:00 PM
samuel
10/29/2023, 12:42 PM
parameters.applicationProtocols = arrayOf("x-amzn-http-ca") seems to require API level 29
yschimke
10/29/2023, 1:05 PM
samuel
10/29/2023, 1:32 PM
yschimke
10/29/2023, 1:51 PM
samuel
10/29/2023, 2:06 PM