OpenLiberty / open-liberty

Open Liberty is a highly composable, fast to start, dynamic application server runtime environment
https://openliberty.io
Eclipse Public License 2.0

java.net.http.HttpClient with transportSecurity-1.0 #25573

Open c-koell opened 1 year ago

c-koell commented 1 year ago

We have migrated from webProfile-8.1 to webProfile-9.0 and now we are facing some problems with the HttpClient.

I have also created https://github.com/OpenLiberty/open-liberty/issues/23975. It's clear now that with transportSecurity-1.0 the behaviour of SSLContext.getDefault() has changed as described...

The SSLContext process default is the SSLContext Java Secure Socket Extension (JSSE) default that uses the cacerts file for the key and trust

See also https://www.ibm.com/docs/en/was-liberty/base?topic=liberty-ssl-defaults-in

We have used the following code:

HttpClient.newBuilder().sslContext(SSLContext.getDefault())

This works fine with webProfile-8.1, which uses the ssl-1.0 feature. SSLContext.getDefault() pointed to the Liberty SSLSettings defined in the server.xml:

<keyStore id="defaultKeyStore" location="${server.output.dir}/mqClient.p12" password="xxxx" />
<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultKeyStore" trustDefaultCerts="true"/>

Now with the transportSecurity-1.0 feature we get an SSLContext that points to the cacerts file.

Is there a way to obtain an SSLContext with the Liberty SSL settings?

Thanks for any help..

c-koell commented 1 year ago

Maybe someone could give some feedback here?
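
For the question in the opening comment, an added example (not from the issue author or the Open Liberty project) of an HttpClient that does not depend on what SSLContext.getDefault() resolves to: it builds an SSLContext explicitly from a PKCS12 file with plain JSSE calls, using the same store for key and trust material as the server.xml above does. It is not a Liberty API; the class name, the `client.keystore` property and the `CLIENT_KEYSTORE_PASSWORD` variable are hypothetical.

```java
import java.io.InputStream;
import java.net.http.HttpClient;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class ExplicitSslContext {

    /** Builds an SSLContext whose key and trust material both come from one PKCS12 file. */
    static SSLContext fromPkcs12(Path p12, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            store.load(in, password);
        }
        // Client certificate and private key, presented if the server requests mutual TLS.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(store, password);
        // Only certificates in this store act as trust anchors; the JDK cacerts file is not
        // consulted, so the trustDefaultCerts="true" part of the server.xml is not reproduced.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical property and variable names; the password stays out of source code.
        Path p12 = Path.of(System.getProperty("client.keystore", "mqClient.p12"));
        String pw = System.getenv("CLIENT_KEYSTORE_PASSWORD");
        if (pw == null) throw new IllegalStateException("CLIENT_KEYSTORE_PASSWORD not set");
        char[] password = pw.toCharArray();
        try {
            // Fails with an exception if the store cannot be loaded; no fallback to the default context.
            HttpClient client = HttpClient.newBuilder()
                    .sslContext(fromPkcs12(p12, password))
                    .build();
            System.out.println("HttpClient built with explicit SSLContext: " + client.sslContext().getProtocol());
        } finally {
            Arrays.fill(password, '\0'); // do not leave the password in memory longer than needed
        }
    }
}
```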