
Cannot configure AhcWSClient in Akka-http 10.10 to AcceptAnyCertificate


I'd like a suggestion on how to configure AhcWSClient in Akka-http 10.10 to AcceptAnyCertificate. It seems akka-http either ignores this setting or overwrites it somewhere. Here is the config:

val config = new AhcWSClientConfig()
config.wsClientConfig.ssl.loose.withDisableHostnameVerification(true)
config.wsClientConfig.ssl.loose.withAllowUnsafeRenegotiation(Some(true))
config.wsClientConfig.ssl.loose.withAllowWeakProtocols(true)
config.wsClientConfig.ssl.loose.withAllowWeakCiphers(true)
config.wsClientConfig.ssl.loose.withAcceptAnyCertificate(true)
config.wsClientConfig.ssl.withHostnameVerifierClass(classOf[AllowAllHostnameVerifier])

val sslpcfg = com.typesafe.sslconfig.ssl.SSLParametersConfig()
sslpcfg.withClientAuth(ClientAuth.None)
config.wsClientConfig.ssl.withSslParametersConfig(sslpcfg)
val httpClient = AhcWSClient(config)

And here is the response and error with wrong certificate:

Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1511391428 bytes = { 214, 109, 199, 200, 211, 168, 31, 158, 27, 226, 47, 64, 128, 164, 87, 22, 29, 27, 111, 54, 93, 236, 40, 137, 163, 77, 210, 196 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=www.html5rocks.com]
***
[write] MD5 and SHA1 hashes:  len = 220
AsyncHttpClient-2-1, WRITE: TLSv1.2 Handshake, length = 220
[Raw write]: length = 225
[Raw read]: length = 5
0000: 16 03 03 00 57                                     ....W
[Raw read]: length = 87
AsyncHttpClient-2-1, READ: TLSv1.2 Handshake, length = 87
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1511391429 bytes = { 24, 35, 238, 41, 3, 19, 28, 155, 17, 8, 42, 243, 170, 220, 119, 62, 17, 73, 95, 7, 149, 237, 201, 207, 182, 98, 244, 4 }
Session ID:  {139, 80, 60, 3, 103, 251, 59, 200, 98, 133, 145, 103, 250, 62, 172, 252, 214, 95, 190, 113, 184, 174, 76, 74, 12, 28, 44, 222, 93, 80, 80, 14}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[read] MD5 and SHA1 hashes:  len = 87
[Raw read]: length = 5
0000: 16 03 03 05 39                                     ....9
[Raw read]: length = 1337
AsyncHttpClient-2-1, READ: TLSv1.2 Handshake, length = 1337
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=html5rocks.com, O=Google Inc, L=Mountain View, ST=California, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 25067203432227410251058720673374348644897095461136978321551384204044630717444976639822689251888668864672652415036662552042349546918249641025189689600169693710074985490235471271901443250168689966920881067542265054029105965043957006184870724656122318216707921820914808263605321164435088694207717679683336818427804726937684316133283293833493652955831962376926952250048376964886779517544950177705198254628118611522312661328966625814375742421492666258749985576982214298060811940757403831216869518319647979170711192434504625224392934833374528287108389357389310562969274629129327470870591346849144379096702967008197755648571
  public exponent: 65537
  Validity: [From: Thu Jul 27 12:17:30 EEST 2017,
               To: Thu Jul 26 03:00:00 EEST 2018]
  Issuer: CN=Google Internet Authority G2, O=Google Inc, C=US
  SerialNumber: [    40802e40 3b2ca661]

Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://pki.google.com/GIAG2.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://clients1.google.com/ocsp
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4A DD 06 16 1B BC F6 68   B5 76 F5 81 B6 BB 62 1A  J......h.v....b.
0010: BA 5A 81 2F                                        .Z./
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://pki.google.com/GIAG2.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.1]
[]  ]
  [CertificatePolicyId: [2.23.140.1.2.2]
[]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: html5rocks.com
  DNSName: playbook.html5rocks.com
  DNSName: playground.html5rocks.com
  DNSName: slides.html5rocks.com
  DNSName: studio.html5rocks.com
  DNSName: tutorials.html5rocks.com
  DNSName: updates.html5rocks.com
  DNSName: www.html5rocks.com
]

[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 42 E2 6E E8 07 97 63 25   37 3F 90 CF E2 29 A7 00  B.n...c%7?...)..
0010: 6B 60 CD 79                                        k`.y
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:

]
***
AsyncHttpClient-2-1, fatal error: 46: General SSLEngine problem
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
AsyncHttpClient-2-1, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown
AsyncHttpClient-2-1, WRITE: TLSv1.2 Alert, length = 2
AsyncHttpClient-2-1, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: General SSLEngine problem
[Raw write]: length = 7
0000: 15 03 03 00 02 02 2E                               .......
AsyncHttpClient-2-1, called closeOutbound()
AsyncHttpClient-2-1, closeOutboundInternal()
AsyncHttpClient-2-1, called closeInbound()
AsyncHttpClient-2-1, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
AsyncHttpClient-2-1, called closeOutbound()
AsyncHttpClient-2-1, closeOutboundInternal()
AsyncHttpClient-2-1, called closeOutbound()
AsyncHttpClient-2-1, closeOutboundInternal()

This looks to me like an old bug that was raised against WSClient in 2016, 2013, etc. and then fixed. There is also the suggestion that withAcceptAnyCertificate is ignored completely, since its removal from future versions of akka was suggested in about 2016.

The problem arises when connecting to this URL: https://www.html5rocks.com/ru/tutorials/internals/howbrowserswork/

AhcWSClient connects successfully to the same URL without the www prefix.

Any suggestions are appreciated.


Solution

  • You are using the SSLLooseConfig API incorrectly: this API uses the 'immutable' style, where withDisableHostnameVerification returns a new copy of the configuration with that option adapted, rather than mutating the object you used as a starting point.

    This is commonly the case for APIs that use withXxx rather than setXxx, and you can verify by looking at the source:

     def withDisableHostnameVerification(value: Boolean): SSLLooseConfig =
       copy(disableHostnameVerification = value)
    

    Does that help? I'm not too familiar with Play myself, but it might be easier to configure these settings in your application configuration instead of in code and creating the client as described in the play docs.
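
The point made in the answer above, as an added example that is not part of the original post or of the library's code: with immutable configuration objects, each withXxx result has to be kept and threaded back into every enclosing object. The case classes below are stand-ins that reuse the names seen on this page (their fields, `withLoose` and the use of `copy` on the outer classes are assumptions of this example), so the snippet runs without Play or ssl-config on the classpath.

```scala
// Stand-in types: assumptions for this example, not the library's classes.
// They mirror the access path used on this page: config.wsClientConfig.ssl.loose
final case class SSLLooseConfig(
    acceptAnyCertificate: Boolean = false,
    disableHostnameVerification: Boolean = false) {
  def withAcceptAnyCertificate(value: Boolean): SSLLooseConfig =
    copy(acceptAnyCertificate = value)
  def withDisableHostnameVerification(value: Boolean): SSLLooseConfig =
    copy(disableHostnameVerification = value)
}
final case class SSLConfigSettings(loose: SSLLooseConfig = SSLLooseConfig()) {
  def withLoose(value: SSLLooseConfig): SSLConfigSettings = copy(loose = value)
}
final case class WSClientConfig(ssl: SSLConfigSettings = SSLConfigSettings())
final case class AhcWSClientConfig(wsClientConfig: WSClientConfig = WSClientConfig())

object ImmutableConfigDemo {
  // Pattern from the question: every withXxx result is thrown away,
  // so the object handed to the client still carries the defaults.
  def discarded(): AhcWSClientConfig = {
    val config = AhcWSClientConfig()
    config.wsClientConfig.ssl.loose.withDisableHostnameVerification(true)
    config.wsClientConfig.ssl.loose.withAcceptAnyCertificate(true)
    config
  }

  // Keep each returned copy and rebuild the enclosing objects from the
  // inside out: loose -> ssl -> wsClientConfig -> config.
  def threaded(): AhcWSClientConfig = {
    val base = AhcWSClientConfig()
    val loose = base.wsClientConfig.ssl.loose
      .withDisableHostnameVerification(true)
      .withAcceptAnyCertificate(true)
    val ssl = base.wsClientConfig.ssl.withLoose(loose)
    base.copy(wsClientConfig = base.wsClientConfig.copy(ssl = ssl))
  }

  def main(args: Array[String]): Unit = {
    val before = discarded().wsClientConfig.ssl.loose
    val after  = threaded().wsClientConfig.ssl.loose
    // The discarded variant is unchanged; the threaded one carries both flags.
    assert(!before.acceptAnyCertificate && !before.disableHostnameVerification)
    assert(after.acceptAnyCertificate && after.disableHostnameVerification)
    println(s"discarded: $before")
    println(s"threaded:  $after")
  }
}
```

Reading the flags back from the final config object before constructing the client, as `main` does here, shows which settings are actually in effect.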