diff --git a/subprojects/internal-performance-testing/src/integTest/groovy/org/gradle/performance/fixture/MavenDownloaderTest.groovy b/subprojects/internal-performance-testing/src/integTest/groovy/org/gradle/performance/fixture/MavenDownloaderTest.groovy index dae18a04f26a..e1e68f4ce11b 100644 --- a/subprojects/internal-performance-testing/src/integTest/groovy/org/gradle/performance/fixture/MavenDownloaderTest.groovy +++ b/subprojects/internal-performance-testing/src/integTest/groovy/org/gradle/performance/fixture/MavenDownloaderTest.groovy @@ -16,6 +16,7 @@ package org.gradle.performance.fixture +import org.gradle.api.JavaVersion import org.gradle.api.UncheckedIOException import org.gradle.testing.internal.util.RetryUtil import org.gradle.util.Requires @@ -37,6 +38,9 @@ class MavenDownloaderTest extends Specification { def setup() { installRoot = tmpDir.newFolder() downloader = new MavenInstallationDownloader(installRoot) + if (JavaVersion.current().isJava7()) { + System.setProperty("https.protocols", "TLSv1.2") + } } @Unroll diff --git a/subprojects/internal-testing/src/main/groovy/org/gradle/util/TestPrecondition.groovy b/subprojects/internal-testing/src/main/groovy/org/gradle/util/TestPrecondition.groovy index 9e8e77edc444..c483d1da6497 100644 --- a/subprojects/internal-testing/src/main/groovy/org/gradle/util/TestPrecondition.groovy +++ b/subprojects/internal-testing/src/main/groovy/org/gradle/util/TestPrecondition.groovy @@ -88,6 +88,9 @@ enum TestPrecondition implements org.gradle.internal.Factory { NOT_UNKNOWN_OS({ !UNKNOWN_OS.fulfilled }), + JDK7({ + JavaVersion.current() == JavaVersion.VERSION_1_7 + }), JDK7_OR_EARLIER({ JavaVersion.current() <= JavaVersion.VERSION_1_7 }), diff --git a/subprojects/resources-http/src/integTest/groovy/org/gradle/internal/resource/transport/http/HttpClientConfigurerIntegrationTest.groovy b/subprojects/resources-http/src/integTest/groovy/org/gradle/internal/resource/transport/http/HttpClientConfigurerIntegrationTest.groovy new file mode 100644 index 000000000000..d049cbccf6be --- /dev/null +++ b/subprojects/resources-http/src/integTest/groovy/org/gradle/internal/resource/transport/http/HttpClientConfigurerIntegrationTest.groovy @@ -0,0 +1,42 @@ +/* + * Copyright 2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.gradle.internal.resource.transport.http + +import org.apache.http.conn.ssl.SSLConnectionSocketFactory +import org.apache.http.impl.client.HttpClientBuilder +import org.gradle.testing.internal.util.Specification +import org.gradle.util.Requires +import org.gradle.util.TestPrecondition + +class HttpClientConfigurerIntegrationTest extends Specification { + + @Requires(TestPrecondition.JDK7) + def 'configures TLSv1.2 protocol with Java 7'() { + given: + def settings = DefaultHttpSettings.builder() + .withAuthenticationSettings(Collections.emptyList()) + .allowUntrustedConnections().build() + def builder = new HttpClientBuilder() + + when: + new HttpClientConfigurer(settings).configure(builder) + + then: + SSLConnectionSocketFactory socketFactory = builder.sslSocketFactory + socketFactory.supportedProtocols == ['TLSv1', 'TLSv1.1', 'TLSv1.2'] as String[] + } +} diff --git a/subprojects/resources-http/src/main/java/org/gradle/internal/resource/transport/http/HttpClientConfigurer.java b/subprojects/resources-http/src/main/java/org/gradle/internal/resource/transport/http/HttpClientConfigurer.java index 0228f4e52dc0..0c9ab42a57be 100644 --- a/subprojects/resources-http/src/main/java/org/gradle/internal/resource/transport/http/HttpClientConfigurer.java +++ b/subprojects/resources-http/src/main/java/org/gradle/internal/resource/transport/http/HttpClientConfigurer.java @@ -55,6 +55,7 @@ import org.apache.http.impl.cookie.RFC6265CookieSpecProvider; import org.apache.http.protocol.HttpContext; import org.apache.http.protocol.HttpCoreContext; +import org.gradle.api.JavaVersion; import org.gradle.api.credentials.PasswordCredentials; import org.gradle.api.specs.Spec; import org.gradle.authentication.Authentication; @@ -79,6 +80,21 @@ public class HttpClientConfigurer { private static final Logger LOGGER = LoggerFactory.getLogger(HttpClientConfigurer.class); private static final int MAX_HTTP_CONNECTIONS = 20; + private static final String[] SSL_PROTOCOLS; + + private static final String HTTPS_PROTOCOLS = "https.protocols"; + + static { + String httpsProtocols = System.getProperty(HTTPS_PROTOCOLS); + if (httpsProtocols != null) { + SSL_PROTOCOLS = httpsProtocols.split(","); + } else if (JavaVersion.current().isJava7()) { + SSL_PROTOCOLS = new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"}; + } else { + SSL_PROTOCOLS = null; + } + } + private final HttpSettings httpSettings; public HttpClientConfigurer(HttpSettings httpSettings) { @@ -102,7 +118,7 @@ public void configure(HttpClientBuilder builder) { } private void configureSslSocketConnectionFactory(HttpClientBuilder builder, SslContextFactory sslContextFactory, HostnameVerifier hostnameVerifier) { - builder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslContextFactory.createSslContext(), hostnameVerifier)); + builder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslContextFactory.createSslContext(), SSL_PROTOCOLS, null, hostnameVerifier)); } private void configureAuthSchemeRegistry(HttpClientBuilder builder) {