I recently upgraded to akka http 10.2.3 and akka 2.6.11. I am using Http().singleRequest(_, httpsCtx) in my service to call API with https, here httpsCtx is https context. Before upgrading akka http, below code to create https context was working fine
private def getHttpsContext: HttpsConnectionContext = {
import com.typesafe.sslconfig.akka.AkkaSSLConfig
import java.security.cert.X509Certificate
import javax.net.ssl.{ KeyManager, SSLContext, X509TrustManager }
val trustfulSslContext: SSLContext = {
object NoCheckX509TrustManager extends X509TrustManager {
override def checkClientTrusted(chain: Array[X509Certificate], authType: String): Unit = ()
override def checkServerTrusted(chain: Array[X509Certificate], authType: String): Unit = ()
override def getAcceptedIssuers: Array[X509Certificate] = Array[X509Certificate]()
}
val context = SSLContext.getInstance("TLS")
context.init(Array[KeyManager](), Array(NoCheckX509TrustManager), null)
context
}
val sslConfig = AkkaSSLConfig().mapSettings(s => s.withLoose(s.loose.withAcceptAnyCertificate(true).withDisableHostnameVerification(true).withDisableSNI(true)))
val ctx = Http().createClientHttpsContext(sslConfig)
ConnectionContext.https(trustfulSslContext, ctx.sslConfig, ctx.enabledCipherSuites, ctx.enabledProtocols, ctx.clientAuth, ctx.sslParameters)
}
After upgrade I found, Http().createClientHttpsContext and ConnectionContext.https deprecated and it suggests to use ConnectionContext.httpsClient. I re-wrote logic to accommodate these changes but it is always failing with "General SSLEngine problem".
private def getHttpsContext: HttpsConnectionContext = {
import java.security.cert.X509Certificate
import javax.net.ssl.{ KeyManager, SSLContext, X509TrustManager }
val trustfulSslContext: SSLContext = {
object NoCheckX509TrustManager extends X509TrustManager {
override def checkClientTrusted(chain: Array[X509Certificate], authType: String): Unit = ()
override def checkServerTrusted(chain: Array[X509Certificate], authType: String): Unit = ()
override def getAcceptedIssuers: Array[X509Certificate] = Array[X509Certificate]()
}
val context = SSLContext.getInstance("TLS")
context.init(Array[KeyManager](), Array(NoCheckX509TrustManager), null)
context
}
ConnectionContext.httpsClient(trustfulSslContext)
}
I tried above code with below akka configuration too but its not working. What is the best way to pass https context with singleRequest? I also tried "Http().outgoingConnectionHttps(unsafeHost, connectionContext = badCtx)" as mentioned here https://doc.akka.io/docs/akka-http/current/client-side/client-https-support.html. It is also failing with same "General SSLEngine problem". What could be the issue?
akka {
ssl-config {
loose {
disableHostnameVerification = true,
acceptAnyCertificate = true,
disableSNI = true
}
}
}
question from:
https://stackoverflow.com/questions/65928177/general-sslengine-problem-akka-http-singlerequest-version-10-2-3 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
