I want to change TLS protocol settings in a http:Client just like in http:Listener class. Since they both support TLS configurations, I was able to change TLS configs in a Ballerina server, but was unable to do so in a Ballerina client.
This is the code I wrote for ballerina server. I checked with Wireshark that it uses TLS 1.2
listener http:Listener securedEP = new (9090,
secureSocket = {
key: {
certFile: "./serverpubliccert.crt",
keyFile: "./serverpvtkey.key"
},
protocol: {
name: "TLS",
versions: ["TLSv1.2"]
}
}
);
However, when I wrote the same way in a ballerina client, I got TLS 1.3 requests. (Verified in wireshark)
http:Client helloClient = check new ("localhost:9090",
secureSocket = {
enable: false,
protocol: {
name: "TLS",
versions: ["TLSv1.2"]
}
}
);
Setting enable: false in the secureSocket config, disables the client certificate validation. Setting it to true should work. But in that case, you should configure the server certificate as follows,
secureSocket = {
cert: "server.crt",
protocol: {
name: "TLS",
versions: ["TLSv1.2"]
}
}