java - How to set the list of ciphers and protocols to be used for sockets created by using HttpsURLConnection?

Question

The normal way to get an SSLSocketFactory would be to initialize a new SSLContext with a TrustManager, KeyManager and SecureRandom and use the getSocketFactory() method. However, this does not allow me to enable the required cipher suites or protocols.

The only configuration that HttpsURLConnection permits that would allow such a change is by setting its default SSLSocketFactory. I can create a class that extends SSLSocketFactory and override the getDefaultCipherSuites() method and wrap the sockets created by createSocket() to have the required ciphers and protocols set. However, this method does not allow me to initialize a TrustManager for the connection?

Is there a method I can do both - set cipher suites and protocols and initialize a trust manager?

Answer 1

Take the SSLSocketFactory obtained by SSLContext.getSocketFactory() and wrap it in a custom subclass of SSLSocketFactory, which delegates to the one obtained from SSLContext, but in createSocket() also sets the required cipher.