Hi,

I ran into the issue that I cannot use HTTP/3 with JRE HTTP Client with a 
custom trust manager. It always fails with UnsupportedProtocolException: HTTP3 
is not supported (thrown from 
https://github.com/openjdk/jdk/blob/b3100b4173184a8c9d9c9ef0975c795bd4d64b7f/src/java.net.http/share/classes/jdk/internal/net/http/HttpClientImpl.java#L480).
 

The reason seems to be this guard: 
https://github.com/openjdk/jdk/blob/631b675d7949a0e6312d8d6f45e2515d53b12f05/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java#L529
 which is not passed when leveraging a custom trust manager (implementing a 
trust all policy).

My use case is both an IT accepting all certificates as well as an application 
flag which deliberately weakens security. Please find some example code in 
https://github.com/apache/maven-resolver/blob/16bbda7e6afebb133aed63fe36ade1c850804b07/maven-resolver-transport-jdk-parent/maven-resolver-transport-jdk11/src/main/java/org/eclipse/aether/transport/jdk/JdkTransporter.java#L490-L515.

How to I connect via HTTP/3 with a trust all policy trust manager?

Although https://openjdk.org/jeps/517 explicitly states: "This first 
implementation of HTTP/3 will not support secure-socket providers other than 
the default provider, SunJSSE.”
It doesn’t state anything about custom trust managers.

Thanks in advance for your thoughts.
Konrad

Reply via email to