aws
diff --git a/‎http-clients/apache5-client/src/main/java/software/amazon/awssdk/http/apache5/Apache5HttpClient.java
Lines changed: 8 additions & 8 deletions b/‎http-clients/apache5-client/src/main/java/software/amazon/awssdk/http/apache5/Apache5HttpClient.java
Lines changed: 8 additions & 8 deletions
diff --git a/‎http-clients/apache5-client/src/main/java/software/amazon/awssdk/http/apache5/internal/conn/ConnectionSocketFactoryToTlsStrategyAdapter.java
Lines changed: 70 additions & 0 deletions b/‎http-clients/apache5-client/src/main/java/software/amazon/awssdk/http/apache5/internal/conn/ConnectionSocketFactoryToTlsStrategyAdapter.java
Lines changed: 70 additions & 0 deletions
diff --git a/‎http-clients/apache5-client/src/main/java/software/amazon/awssdk/http/apache5/internal/conn/SslSocketFactoryToTlsStrategyAdapter.java
Lines changed: 0 additions & 55 deletions b/‎http-clients/apache5-client/src/main/java/software/amazon/awssdk/http/apache5/internal/conn/SslSocketFactoryToTlsStrategyAdapter.java
Lines changed: 0 additions & 55 deletions
diff --git a/‎http-clients/apache5-client/src/test/java/software/amazon/awssdk/http/apache5/Apache5ClientTlsAuthTest.java
Lines changed: 0 additions & 65 deletions b/‎http-clients/apache5-client/src/test/java/software/amazon/awssdk/http/apache5/Apache5ClientTlsAuthTest.java
Lines changed: 0 additions & 65 deletions
@@ -53,9 +53,9 @@
 import org.apache.hc.client5.http.io.HttpClientConnectionManager;
 import org.apache.hc.client5.http.protocol.HttpClientContext;
 import org.apache.hc.client5.http.routing.HttpRoutePlanner;
+import org.apache.hc.client5.http.socket.ConnectionSocketFactory;
 import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
-import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
 import org.apache.hc.client5.http.ssl.TlsSocketStrategy;
 import org.apache.hc.core5.http.ClassicHttpResponse;
 import org.apache.hc.core5.http.Header;
@@ -88,10 +88,10 @@
 import software.amazon.awssdk.http.apache5.internal.DefaultConfiguration;
 import software.amazon.awssdk.http.apache5.internal.SdkProxyRoutePlanner;
 import software.amazon.awssdk.http.apache5.internal.conn.ClientConnectionManagerFactory;
+import software.amazon.awssdk.http.apache5.internal.conn.ConnectionSocketFactoryToTlsStrategyAdapter;
 import software.amazon.awssdk.http.apache5.internal.conn.IdleConnectionReaper;
 import software.amazon.awssdk.http.apache5.internal.conn.SdkConnectionKeepAliveStrategy;
 import software.amazon.awssdk.http.apache5.internal.conn.SdkTlsSocketFactory;
-import software.amazon.awssdk.http.apache5.internal.conn.SslSocketFactoryToTlsStrategyAdapter;
 import software.amazon.awssdk.http.apache5.internal.impl.Apache5HttpRequestFactory;
 import software.amazon.awssdk.http.apache5.internal.impl.Apache5SdkHttpClient;
 import software.amazon.awssdk.http.apache5.internal.impl.ConnectionManagerAwareHttpClient;
@@ -461,12 +461,12 @@ public interface Builder extends SdkHttpClient.Builder<Apache5HttpClient.Builder
          * TLS_TRUST_MANAGERS_PROVIDER, and TLS_KEY_MANAGERS_PROVIDER are ignored.
          */
         @Deprecated
-        Builder socketFactory(SSLConnectionSocketFactory socketFactory);
+        Builder socketFactory(ConnectionSocketFactory socketFactory);
 
 
         /**
          * Configure a custom TLS strategy for SSL/TLS connections.
-         * This is the preferred method over the deprecated {@link #socketFactory(SSLConnectionSocketFactory)}.
+         * This is the preferred method over the deprecated {@link #socketFactory(ConnectionSocketFactory)}.
          *
          * @param tlsSocketStrategy The TLS strategy to use for upgrading connections to TLS.
          *                    If null, default TLS configuration will be used.
@@ -532,7 +532,7 @@ private static final class DefaultBuilder implements Builder {
         private HttpRoutePlanner httpRoutePlanner;
         private CredentialsProvider credentialsProvider;
         private DnsResolver dnsResolver;
-        private SSLConnectionSocketFactory legacySocketFactory;
+        private ConnectionSocketFactory legacySocketFactory;
         private TlsSocketStrategy tlsStrategy;
 
         private DefaultBuilder() {
@@ -655,13 +655,13 @@ public void setDnsResolver(DnsResolver dnsResolver) {
         }
 
         @Override
-        public Builder socketFactory(SSLConnectionSocketFactory socketFactory) {
+        public Builder socketFactory(ConnectionSocketFactory socketFactory) {
             this.legacySocketFactory = socketFactory;
             this.tlsStrategy = null; // Clear any previously set strategy
             return this;
         }
 
-        public void setSocketFactory(SSLConnectionSocketFactory socketFactory) {
+        public void setSocketFactory(ConnectionSocketFactory socketFactory) {
             socketFactory(socketFactory);
         }
 
@@ -747,7 +747,7 @@ TlsSocketStrategy getEffectiveTlsStrategy() {
                 return tlsStrategy;
             }
             if (legacySocketFactory != null) {
-                return new SslSocketFactoryToTlsStrategyAdapter(legacySocketFactory);
+                return new ConnectionSocketFactoryToTlsStrategyAdapter(legacySocketFactory);
             }
             return null;
         }
 
@@ -0,0 +1,70 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.http.apache5.internal.conn;
+
+import java.io.IOException;
+import java.net.Socket;
+import javax.net.ssl.SSLSocket;
+import org.apache.hc.client5.http.socket.ConnectionSocketFactory;
+import org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory;
+import org.apache.hc.client5.http.ssl.TlsSocketStrategy;
+import org.apache.hc.core5.http.protocol.HttpContext;
+import software.amazon.awssdk.annotations.SdkInternalApi;
+
+/**
+ * Adapter to wrap ConnectionSocketFactory as TlsSocketStrategy.
+ * Supports both plain and layered (SSL/TLS) socket factories.
+ */
+@SdkInternalApi
+public class ConnectionSocketFactoryToTlsStrategyAdapter implements TlsSocketStrategy {
+
+    private final ConnectionSocketFactory socketFactory;
+
+    public ConnectionSocketFactoryToTlsStrategyAdapter(ConnectionSocketFactory socketFactory) {
+        this.socketFactory = socketFactory;
+    }
+
+    @Override
+    public SSLSocket upgrade(Socket socket,
+                             String target,
+                             int port,
+                             Object attachment,
+                             HttpContext context) throws IOException {
+
+        // Only LayeredConnectionSocketFactory can upgrade to SSL
+        if (socketFactory instanceof LayeredConnectionSocketFactory) {
+            LayeredConnectionSocketFactory layeredFactory = (LayeredConnectionSocketFactory) socketFactory;
+            Socket upgradedSocket = layeredFactory.createLayeredSocket(socket, target, port, context);
+
+            if (upgradedSocket == null) {
+                throw new IOException("LayeredConnectionSocketFactory.createLayeredSocket returned null");
+            }
+            if (!(upgradedSocket instanceof SSLSocket)) {
+                throw new IOException("LayeredConnectionSocketFactory.createLayeredSocket did not return an SSLSocket. " +
+                                      "Returned type: " + upgradedSocket.getClass().getName());
+            }
+
+            return (SSLSocket) upgradedSocket;
+        }
+
+        // For plain socket factories (like PlainConnectionSocketFactory),
+        // we can't upgrade to TLS, but we shouldn't throw an exception
+        // Return null to indicate no TLS upgrade is possible/needed
+        return null;
+    }
+
+
+}
@@ -20,7 +20,6 @@
 import static com.github.tomakehurst.wiremock.client.WireMock.urlMatching;
 import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static software.amazon.awssdk.utils.JavaSystemSetting.SSL_KEY_STORE;
 import static software.amazon.awssdk.utils.JavaSystemSetting.SSL_KEY_STORE_PASSWORD;
@@ -57,7 +56,6 @@
 import software.amazon.awssdk.http.SdkHttpRequest;
 import software.amazon.awssdk.http.TlsKeyManagersProvider;
 import software.amazon.awssdk.http.apache5.internal.conn.SdkTlsSocketFactory;
-import software.amazon.awssdk.http.apache5.internal.conn.SslSocketFactoryToTlsStrategyAdapter;
 import software.amazon.awssdk.internal.http.NoneTlsKeyManagersProvider;
 
 /**
@@ -332,67 +330,4 @@ public void tls_strategy_overrides_legacy_factory() throws Exception {
         Mockito.verifyNoInteractions(legacyFactorySpy);
     }
 
-    @Test
-    public void adapter_converts_non_sslSocketException() throws Exception {
-        // Create mock that returns a regular Socket (not SSLSocket)
-        SSLConnectionSocketFactory mockFactory = Mockito.mock(SSLConnectionSocketFactory.class);
-        Socket nonSslSocket = Mockito.mock(Socket.class);
-
-        // Setup mock to return non-SSL socket
-        Mockito.when(mockFactory.createLayeredSocket(
-            Mockito.any(Socket.class),
-            Mockito.eq("example.com"),
-            Mockito.eq(443),
-            Mockito.any()
-        )).thenReturn(nonSslSocket);
-
-        // Create adapter
-        SslSocketFactoryToTlsStrategyAdapter adapter =
-            new SslSocketFactoryToTlsStrategyAdapter(mockFactory);
-
-        // Test should throw IOException
-        Socket plainSocket = Mockito.mock(Socket.class);
-
-        assertThatExceptionOfType(IOException.class)
-            .isThrownBy(() -> adapter.upgrade(plainSocket, "example.com", 443, null, null))
-            .withMessageContaining("did not return an SSLSocket")
-            .withMessageContaining(nonSslSocket.getClass().getName());
-    }
-
-
-    @Test
-    public void adapter_handlesNullSocket() throws Exception {
-        // Create mock that returns null
-        SSLConnectionSocketFactory mockFactory = Mockito.mock(SSLConnectionSocketFactory.class);
-
-        Mockito.when(mockFactory.createLayeredSocket(
-            Mockito.any(Socket.class),
-            Mockito.anyString(),
-            Mockito.anyInt(),
-            Mockito.any(HttpContext.class)
-        )).thenReturn(null);
-
-        // Create adapter
-        SslSocketFactoryToTlsStrategyAdapter adapter =
-            new SslSocketFactoryToTlsStrategyAdapter(mockFactory);
-
-        // Test should throw IOException
-        Socket plainSocket = Mockito.mock(Socket.class);
-
-        assertThatExceptionOfType(IOException.class)
-            .isThrownBy(() -> adapter.upgrade(plainSocket, "example.com", 443, null, null))
-            .withMessageContaining("returned null");
-    }
-
-    @Test
-    public void null_tlsStrategy_falls_backToDefault() throws Exception {
-        // Test that setting tlsSocketStrategy(null) works correctly
-        client = Apache5HttpClient.builder()
-                                  .tlsSocketStrategy(null)
-                                  .tlsKeyManagersProvider(keyManagersProvider)
-                                  .build();
-
-        HttpExecuteResponse response = makeRequestWithHttpClient(client);
-        assertThat(response.httpResponse().isSuccessful()).isTrue();
-    }
 }