Async-http-client to a server that is 1) requires client to present client certificate 2) server is HTTP2 3) server is TLSv1.3 #1800

Open
patpatpat123 opened this issue Sep 6, 2021 · 2 comments

patpatpat123 commented Sep 6, 2021

Hello Team,

First of all, a big thanks for this http client, great project there!
I am enjoying using this http client. I used it to send requests to some servers, and it is easy to use and efficient.

Now, I need to send to another server, and this other server is a bit problematic.
1 - this server requires all the clients to present the client certificates. The server will do some kind of OU CN extraction and validation.

2 - this server is HTTP2 only, does not accept HTTP1 etc

3 - this server is TLSv1.3 only, cannot go with 1.2 etc.

Therefore, I am having a bit of trouble now with this "other server".

I managed to tackle 1), I believe, as this async http client supports a security context:

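    import java.io.IOException;
    import java.io.InputStream;
    import java.nio.file.Files;
    import java.nio.file.Path;
    import java.nio.file.Paths;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.CertificateException;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.TrustManagerFactory;
    import io.netty.handler.ssl.SslContext;
    import io.netty.handler.ssl.SslContextBuilder;
    import org.asynchttpclient.AsyncHttpClientConfig;
    import org.asynchttpclient.Dsl;

    // keyStorePath, keyStoreType, keyStorePassPhrase, keyPassPhrase, trustStorePath, trustStorePassPhrase: fields set elsewhere.
    private SslContext getSslContext() {
        try {
            final Path     keystorePath = Paths.get(keyStorePath);
            final KeyStore keyStore     = KeyStore.getInstance(keyStoreType);
            try (InputStream keyStoreFile = Files.newInputStream(keystorePath)) {
                keyStore.load(keyStoreFile, keyStorePassPhrase.toCharArray());
            }
            final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyPassPhrase.toCharArray());

            final Path     truststorePath = Paths.get(trustStorePath);
            final KeyStore trustStore     = KeyStore.getInstance(keyStoreType);
            try (InputStream trustStoreFile = Files.newInputStream(truststorePath)) {
                trustStore.load(trustStoreFile, trustStorePassPhrase.toCharArray());
            }
            final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);

            // Use the trust store loaded above; InsecureTrustManagerFactory would accept any server certificate.
            return SslContextBuilder.forClient().keyManager(keyManagerFactory).trustManager(trustManagerFactory).build();
        } catch (KeyStoreException | IOException | UnrecoverableKeyException | NoSuchAlgorithmException | CertificateException e) {
            // Fail loudly instead of returning null, which would hide the cause from the caller.
            throw new IllegalStateException("Could not build the client SslContext", e);
        }
    }

    AsyncHttpClientConfig asyncHttpClientConfig = Dsl.config().setSslContext(getSslContext()).build();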
        

Unfortunately, the above code gets a protocol version exception.
May I ask, how to set as HTTP2 please?
How to set as TLSv1.3 please?

I would have expected this client to allow something like this.

 AsyncHttpClientConfig asyncHttpClientConfig = Dsl.config().setSslContext(getSslContext()).setHTTPprotocole("H2").setTLSversion("TLSv1.3").build();
or
 AsyncHttpClientConfig asyncHttpClientConfig = Dsl.config(someHttp2AndTLSv1.3Config()).setSslContext(getSslContext()).build();

But I looked at the docs many times and could not find anything similar.

What would be the proper way please?

Thank you

Contributor

n-miles commented Sep 21, 2021

AHC does not support HTTP2

@patpatpat123
Author

Is it possible to have it as an enhancement, please?
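
For points 1 and 3 of the question (client certificate, TLSv1.3 only), the protocol can be pinned on the Netty `SslContext` that is handed to AHC. This is an added example, not code from the issue author or the AHC project; the class and method names are hypothetical, and it does not address HTTP/2.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import org.asynchttpclient.AsyncHttpClient;
import org.asynchttpclient.Dsl;

// Added example: hypothetical class and method names, not part of AHC or the issue.
public final class Tls13MutualTlsClient {

    // Fail fast when the running JDK has no TLSv1.3 implementation, instead of
    // discovering it later as a handshake failure.
    static void requireTls13Support() throws NoSuchAlgorithmException {
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        if (!Arrays.asList(supported).contains("TLSv1.3")) {
            throw new IllegalStateException("JDK supports only " + Arrays.toString(supported));
        }
    }

    // kmf and tmf are initialised from the key store and trust store as in the
    // snippet in the question.
    static SslContext tls13Context(KeyManagerFactory kmf, TrustManagerFactory tmf) throws SSLException {
        return SslContextBuilder.forClient()
                .keyManager(kmf)        // client certificate the server inspects (OU/CN)
                .trustManager(tmf)      // validate the server against the trust store
                .protocols("TLSv1.3")   // offer TLSv1.3 only, no fallback to TLSv1.2
                .build();
    }

    static AsyncHttpClient newClient(KeyManagerFactory kmf, TrustManagerFactory tmf)
            throws SSLException, NoSuchAlgorithmException {
        requireTls13Support();
        return Dsl.asyncHttpClient(Dsl.config().setSslContext(tls13Context(kmf, tmf)));
    }
}
```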
