TooTallNate / Java-WebSocket

A barebones WebSocket client and server implementation written in 100% Java.
http://tootallnate.github.io/Java-WebSocket
MIT License

WebSocketClient.upgradeSocketToSSL is enforcing TLS 1.2 #1382

Closed pavel-treutner closed 9 months ago

pavel-treutner commented 10 months ago

Describe the bug

Is there any reason for enforcing TLS 1.2 in WebSocketClient.upgradeSocketToSSL()? Replacing SSLContext.getInstance("TLSv1.2") with SSLSocketFactory.getDefault() would honor the well-known property jdk.tls.client.protocols, allowing unified configuration.

Environment (please complete the following information):

marci4 commented 10 months ago

Hey, I changed this like 6 years ago https://github.com/TooTallNate/Java-WebSocket/commit/4094e3d199d9bd99998ddacb6d440a03fed45db6#diff-86950b5c3b9c35d3dbd2c1b6ecdeb1e23fa5bd0b20adeb05d54ac4b94080ff6a

SonarQube reported it as an error. But I do not recall it any more.

If this is an issue for you, feel free to open a pull request.

Best regards, Marcel

pavel-treutner commented 10 months ago

Probably because TLS v1.2 was disabled in early Java 7 versions. This was a common workaround. Not needed any longer. Java 7 has reached EOL and recent JREs have sensible defaults (TLS 1.2 and 1.3): https://github.com/TooTallNate/Java-WebSocket/pull/1387

marci4 commented 10 months ago

We do have to keep the Android world in mind here. The Play Store still supports KitKat, which does not have any support for Java 7 APIs (e.g. see #1209)
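Added example, not part of the thread and not the project's code: a small check that compares the protocols enabled on a client socket from `SSLContext.getInstance("TLSv1.2")` with those from `SSLSocketFactory.getDefault()` when `jdk.tls.client.protocols` is set. The class name `TlsProtocolCheck`, the helper methods, the sample property value and the `init(null, null, null)` call are assumptions of this example.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TlsProtocolCheck {
    static final String PROP = "jdk.tls.client.protocols";

    // Protocols a client socket from this factory would offer. The socket is
    // created unconnected, so nothing is sent on the network.
    static Set<String> enabledProtocols(SSLSocketFactory factory) throws Exception {
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            return new HashSet<>(Arrays.asList(socket.getEnabledProtocols()));
        }
    }

    // True when the factory enables nothing outside the configured list.
    static boolean followsProperty(SSLSocketFactory factory, String configured) throws Exception {
        Set<String> allowed = new HashSet<>();
        for (String p : configured.split(",")) {
            allowed.add(p.trim());
        }
        Set<String> enabled = enabledProtocols(factory);
        return !enabled.isEmpty() && allowed.containsAll(enabled);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value, used only when no -Djdk.tls.client.protocols
        // was given. JSSE reads the property when its default context is first
        // initialized, so it must be set before any TLS class is touched.
        if (System.getProperty(PROP) == null) {
            System.setProperty(PROP, "TLSv1.3");
        }
        String configured = System.getProperty(PROP);

        // Pinned context as quoted in the issue; init(null, null, null) selects
        // the default key and trust managers (an assumption of this example).
        SSLContext pinned = SSLContext.getInstance("TLSv1.2");
        pinned.init(null, null, null);
        SSLSocketFactory pinnedFactory = pinned.getSocketFactory();
        SSLSocketFactory defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();

        System.out.println(PROP + " = " + configured);
        System.out.println("SSLContext.getInstance(\"TLSv1.2\"): " + enabledProtocols(pinnedFactory)
                + " follows property: " + followsProperty(pinnedFactory, configured));
        System.out.println("SSLSocketFactory.getDefault():      " + enabledProtocols(defaultFactory)
                + " follows property: " + followsProperty(defaultFactory, configured));
    }
}
```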