
How to change TLS protocol settings in HttpClient in Ballerina


I want to change TLS protocol settings in an http:Client just like in the http:Listener class. Since they both support TLS configurations, I was able to change TLS configs in a Ballerina server, but was unable to do so in a Ballerina client.

This is the code I wrote for the Ballerina server. I checked with Wireshark that it uses TLS 1.2.

listener http:Listener securedEP = new (9090,
    secureSocket = {
        key: {
            certFile: "./serverpubliccert.crt",
            keyFile: "./serverpvtkey.key"
        },
        protocol: {
            name: "TLS",
            versions: ["TLSv1.2"]
        }
    }
);

However, when I wrote it the same way in a Ballerina client, I got TLS 1.3 requests (verified in Wireshark).

http:Client helloClient = check new ("localhost:9090",
    secureSocket = {
        enable: false,
        protocol: {
            name: "TLS",
            versions: ["TLSv1.2"]
        }
    }
);

Solution

  • Setting enable: false in the secureSocket config disables the client certificate validation. Setting it to true should work. But in that case, you should configure the server certificate as follows:

    secureSocket = {
        cert: "server.crt",
        protocol: {
            name: "TLS",
            versions: ["TLSv1.2"]
        }
    }
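
When checking a capture for what the client offers, note that a TLS 1.3-capable client still sends 0x0303 (TLS 1.2) in the ClientHello `legacy_version` field and lists its real versions in the `supported_versions` extension (type 43, RFC 8446). The parser below is an added example, not code from the question or the answer; the function names are hypothetical and the ClientHello bytes are constructed for illustration.

```python
import struct

NAMES = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
SUPPORTED_VERSIONS = 43  # extension type, RFC 8446


def offered_versions(record: bytes) -> list:
    """Return the TLS versions offered by the ClientHello in one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        versions = [int.from_bytes(body[0:2], "big")]  # legacy_version fallback
        pos = 2 + 32                                   # skip legacy_version, random
        pos += 1 + body[pos]                           # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                           # compression_methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(body)):
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + ext_len]
            if ext_type == SUPPORTED_VERSIONS:
                # 1-byte list length, then 2-byte version codes
                versions = [int.from_bytes(data[i:i + 2], "big")
                            for i in range(1, 1 + data[0], 2)]
            pos += 4 + ext_len
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    return [NAMES.get(v, hex(v)) for v in versions]


def sample_client_hello(versions=()) -> bytes:
    """Constructed sample: a minimal ClientHello, optionally with supported_versions."""
    ext = b""
    if versions:
        vlist = b"".join(v.to_bytes(2, "big") for v in versions)
        ext = struct.pack("!HHB", SUPPORTED_VERSIONS, len(vlist) + 1, len(vlist)) + vlist
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # legacy_version, random, no session_id
            + b"\x00\x04\x13\x01\xc0\x2f"          # two cipher suites
            + b"\x01\x00"                          # null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    print(offered_versions(sample_client_hello([0x0304, 0x0303])))  # offers 1.3 and 1.2
    print(offered_versions(sample_client_hello([0x0303])))          # offers 1.2 only
```

A client whose `versions: ["TLSv1.2"]` setting took effect should show only TLSv1.2 here; a TLSv1.3 entry means the pin was not applied.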