Skip to content

Latest commit

 

History

History
85 lines (52 loc) · 3.5 KB

client-ssl.md

File metadata and controls

85 lines (52 loc) · 3.5 KB

To configure SSL in the Ktor client, you need to customize the configuration of an engine used by your client. In this topic, we'll show you how to add an SSL certificate for different JVM engines.

To learn how to generate a self-signed certificate using the Ktor API, see .

Load SSL settings {id="ssl-settings"}

In this topic, the Ktor client will be using a certificate loaded from the existing KeyStore file (keystore.jks) generated for the server. Given that different engines use different JSSE API to configure SSL (for example, SSLContext for Apache or TrustManager for Jetty), we need to have the capability to obtain corresponding SSL configurations. The code snippet below creates the SslSettings object that loads a certificate from the existing KeyStore file (keystore.jks) and provides functions for loading SSL configurations:



{src="snippets/client-ssl-config/src/main/kotlin/com/example/Application.kt" lines="66-90"}


Configure SSL in Ktor {id="configure-ssl"}


In this section, we'll see how to configure SSL for different engines.
You can find the full example here: client-ssl-config.


Apache {id="apache"}


To enable SSL for Apache, you need to pass SSLContext:




{src="snippets/client-ssl-config/src/main/kotlin/com/example/Application.kt" lines="20-24"}


Java {id="java"}


For the Java client, pass SSLContext to the sslContext function inside the config block:




{src="snippets/client-ssl-config/src/main/kotlin/com/example/Application.kt" lines="25-31"}


Jetty {id="jetty"}


For Jetty, you need to create an instance of SslContextFactory and pass SSLContext:




{src="snippets/client-ssl-config/src/main/kotlin/com/example/Application.kt" lines="32-38"}


CIO {id="cio"}


The CIO engine allows you to configure HTTPS settings inside the https block.
Inside this block, you can access TLS parameters provided by TLSConfigBuilder.
In our example, a TrustManager instance is used to configure a certificate:




{src="snippets/client-ssl-config/src/main/kotlin/com/example/Application.kt" lines="39-45"}




The sockets-client-tls example shows how to trust all certificates.
This approach should be used for development purposes only.




Android {id="android"}


The Android engine uses the sslManager property to configure SSL settings.
This property accepts HttpsURLConnection as a parameter that allows you to pass SSLSocketFactory:




{src="snippets/client-ssl-config/src/main/kotlin/com/example/Application.kt" lines="46-52"}


OkHttp {id="okhttp"}


To configure OkHttp for using SSL, you need to pass SSLSocketFactory and X509TrustManager to the sslSocketFactory function:




{src="snippets/client-ssl-config/src/main/kotlin/com/example/Application.kt" lines="53-59"}