Comments (7)
It seems this default behavior comes from AsyncHttpClient's Netty provider
It may be beneficial for you others to re-post this issue in that library's issue tracker. Here's the repo. The benefit of doing so is that dispatch and all other libraries built on top of async http client can pick up the upstream fix.
related
- https://groups.google.com/forum/#!topic/asynchttpclient/wgaAs3lszbI
- http://sonatype.github.io/async-http-client/ssl.html
- http://kevinlocke.name/bits/2012/10/03/ssl-certificate-verification-in-dispatch-and-asynchttpclient/
from reboot.
But feel free to send pull requests here as well.
from reboot.
As of 0.11.3, this seems to be fixed (due to a Netty provider change?).
from reboot.
Ran into this: AsyncHttpClient/async-http-client#991
Dispatch still uses SSLv2 and SSLv3 so this issue is definitely not done. If you guys upgrade to AsyncHttpClient 1.9.31 instead, this will fix the issue, as AHC will provide sane enabledProtocol defaults.
from reboot.
Alternative workaround is to manually bump your AHC version to 1.9.31 in sbt/gradle/maven/etc:
Or put this:
val config = new AsyncHttpClientConfig.Builder()
.setUserAgent("Dispatch/%s" format BuildInfo.version)
.setEnabledProtocols(Array[String]("TLSv1.2", "TLSv1.1", "TLSv1"))
.build
val client = new AsyncHttpClient(config)
Http(client)
from reboot.
Dispatch >= 0.12.x is using a version of AHC that should have this bug fixed.
Given the nature of this bug I'm going to classify this as a critical security issue and issue a build named 0.11.4 that upgrades the AHC client for that version to 1.9.40.
from reboot.
Dispatch v0.11.4 has been released and should be on Maven Central shortly. AHC has been bumped to verison 1.19.40 in that release, which should resolve this issue.
from reboot.
Related Issues (20)
- Updating from 0.8 to 0.13 HOT 5
- Upgrade lift-json module for Lift 3.1.0
- Provide plain-english alternatives to every method in the symbolic DSL
- Bump to AHC to 2.0.33
- Possible domain / group id change HOT 4
- Implement implicit vs explicit verb setting
- Cross-build / abstract against AHC HOT 1
- Investigate different thread allocation semantics under the hood
- Please publish a version for Scala 2.13.0-RC1 HOT 15
- sbt eviction notice HOT 1
- Incorrect UriEncoding of emoji characters HOT 1
- setting request body with << changes method from PUT to POST HOT 6
- Requesting URLs with custom parameters is not possible HOT 6
- Emoji character in domains not recognized correctly (punycode) HOT 1
- Emoji character in domains not recognized correctly (punycode) HOT 8
- Rename primary branch HOT 1
- Add support for Scala 2.13 HOT 1
- Add support for Dotty HOT 5
- Update scala-xml dependency to version 2
- Set up dependency update for this repository
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from reboot.