Force TLS 1.2 on appengine dev server SDK


This is similar to this question: Force TLS > 1.0 on AppEngine local development server in Java except that the answer doesn't work because it assumes a static SDK location(?).
I have a Google App Engine application that uses a third party payment library (braintree) that communicates over HTTPS using TLSv1.2. However, whenever the braintree library makes calls to the braintree sandbox environment the resulting urlfetch always gives the following error:
    Caused by: javax.net.ssl.SSLHandshakeException: Could not verify SSL certificate for URL: https://api.sandbox.braintreegateway.com:443/merchants/**********/client_token
        at com.google.appengine.api.urlfetch.URLFetchServiceImpl.convertApplicationException(URLFetchServiceImpl.java:174)
        at com.google.appengine.api.urlfetch.URLFetchServiceImpl.fetch(URLFetchServiceImpl.java:43)
        at com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler$Connection.fetchResponse(URLFetchServiceStreamHandler.java:543)
        at com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler$Connection.getInputStream(URLFetchServiceStreamHandler.java:422)
        at com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler$Connection.getResponseCode(URLFetchServiceStreamHandler.java:275)
        at com.braintreegateway.util.Http.httpRequest(Http.java:120)
Whilst this error only happens on the App Engine development server (and not when deployed into App Engine land), it still means that I can't test the stuff I need to in development.
According to this: https://groups.google.com/forum/#!topic/google-appengine-stackoverflow/tdr4T1CJRn8 the problem is that App Engine isn't using TLSv1.2.
My application is an App Engine app (Standard Environment) using the SDK version 1.9.26.
The appengine section of my gradle configuration looks like so:
    appengine {
        httpAddress = "0.0.0.0"
        httpPort = 8888
        downloadSdk = false
        appcfg {
            update {
                useJava7 = true
            }
            jvmFlags = ['-Ddatastore.backing_store=../../src/main/webapp/WEB-INF/appengine-generated/local_db.bin',
                        // Desperation:
                        '-Ddeployment.security.TLSv1.0=false',
                        '-Ddeployment.security.TLSv1.1=false',
                        '-Ddeployment.security.TLSv1.2=true',
                        '-Dhttps.protocols=TLSv1.2',
                        '-Dappengine.fullscan.seconds=5',
                        '-Xdebug',
                        '-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8889',
                        '-XX:MaxPermSize=512m']
            oauth2 = true
            extraOptions = appCfgOpts
        }
        enhancer {
            api = "jdo"
            version = "v1"
            enhanceOnBuild = true
        }
    }
I have tried updating the dev_appserver.sh in my local appengine-sdk directory to read:
    # Launch the dev server with the TLS properties added to the JVM arguments
    exec "${RUN_JAVA}" "${SCRIPT_NAME}" \
        -Dhttps.protocols=TLSv1.2 -Ddeployment.security.TLSv1.0=false -Ddeployment.security.TLSv1.1=false -Ddeployment.security.TLSv1.2=true -ea -cp "${JAR_FILE}" \
        com.google.appengine.tools.KickStart \
        com.google.appengine.tools.development.DevAppServerMain "$@"
and setting downloadSdk = false and setting the appengine.sdk.root so that the gradle appengineRun task actually uses it.
I cannot use Java 8.
I have also tried putting this in my code:
    System.setProperty("https.protocols", "TLSv1.2");
None of this works. Either I'm barking up the wrong tree, and trying all the wrong things, or I'm doing something wrong.
How can I get this to work?
Update:
It looks like the problem is actually that the sslSocketFactory is never created, because urlfetch will never return an HttpsURLConnection (App Engine URLfetch to validate self-signed certificate).
Still searching for a resolution.
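
The following diagnostic is an added example, not part of the original post or of the App Engine SDK. It separates the two situations the question runs into: a JVM that supports TLSv1.2 but does not enable it by default, and an https URL handler that has been replaced (as in the stack trace above), in which case the connection is not an HttpsURLConnection and the `https.protocols` setting does not reach it. The class name `TlsProbe` and its method names are hypothetical; the code compiles on Java 7.

```java
import java.net.URL;
import java.net.URLConnection;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;

/** Added diagnostic (hypothetical class name), not SDK code. */
public class TlsProbe {

    /** Protocols this JVM's default SSLContext can speak at all. */
    static String[] supported() throws Exception {
        return SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
    }

    /** Protocols a new client socket gets when nothing is configured. */
    static String[] enabledByDefault() throws Exception {
        return SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
    }

    /**
     * True if https URLs are served by the JDK's own handler.
     * openConnection() only builds the object; no network traffic happens.
     */
    static boolean jdkHandlesHttps(String url) throws Exception {
        URLConnection c = new URL(url).openConnection();
        return c instanceof HttpsURLConnection;
    }

    static String diagnose(String url) throws Exception {
        boolean canDo12 = Arrays.asList(supported()).contains("TLSv1.2");
        boolean on12 = Arrays.asList(enabledByDefault()).contains("TLSv1.2");
        if (!canDo12) {
            return "JVM has no TLSv1.2 support: no flag helps, the JVM must change";
        }
        if (!jdkHandlesHttps(url)) {
            return "https handler is replaced (for example by urlfetch): "
                 + "https.protocols and setSSLSocketFactory do not reach it";
        }
        return on12
            ? "TLSv1.2 is already enabled by default for HttpsURLConnection"
            : "TLSv1.2 supported but off by default: -Dhttps.protocols=TLSv1.2 applies";
    }

    public static void main(String[] args) throws Exception {
        String url = "https://api.sandbox.braintreegateway.com/"; // host from the question
        System.out.println("supported: " + Arrays.toString(supported()));
        System.out.println("default:   " + Arrays.toString(enabledByDefault()));
        System.out.println(diagnose(url));
    }
}
```

Run `main` with the same JVM that starts the dev server to see the protocol lists. The handler check is only meaningful when `diagnose` is called from code running inside the dev server, since a stand-alone run always uses the JDK's handler.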
