Skip to content

SSLContext gets initialized too early #4757

New issue
New issue
Closed
#4764
Closed
SSLContext gets initialized too early#4757
#4764
@bomgar

Description

@bomgar
bomgar
opened on Mar 29, 2021

Hi,

I have an application that modifies the java Security stack during runtime. This includes the SSL setup. Before this happens I use Jersey to make some http (not https) calls. This causes the SSLContext to initialize

The issue is the static final field here: org.glassfish.jersey.client.internal.HttpUrlConnector

    private static final SSLSocketFactory DEFAULT_SSL_SOCKET_FACTORY = HttpsURLConnection.getDefaultSSLSocketFactory();

This initializes the SSLContext even if the client is only used for http.

So this is called:

    public static synchronized SSLContext getDefault()
            throws NoSuchAlgorithmException {
        if (defaultContext == null) {
            defaultContext = SSLContext.getInstance("Default");
        }
        return defaultContext;
    }

The default context does not get created again after that even if i modify the Security settings.

This should only happen when SSL is actually used for the first time.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions