Revert changes to telemetry SSL requirements

mgaffigan · mgaffigan · commit cb867db5ebe3 · 2025-06-05T14:23:24.000-05:00
Signed-off-by: Mitch Gaffigan &lt;mitch.gaffigan@comcast.net&gt;
diff --git a/server/src/com/mirth/connect/client/core/ConnectServiceUtil.java b/server/src/com/mirth/connect/client/core/ConnectServiceUtil.java
@@ -36,8 +36,11 @@
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.protocol.HttpClientContext;
 import org.apache.http.client.utils.HttpClientUtils;
+import org.apache.http.config.RegistryBuilder;
 import org.apache.http.config.SocketConfig;
 import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLContexts;
 import org.apache.http.entity.ContentType;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
@@ -55,6 +58,7 @@
 import com.mirth.connect.model.User;
 import com.mirth.connect.model.converters.ObjectXMLSerializer;
 import com.mirth.connect.model.notification.Notification;
+import com.mirth.connect.util.MirthSSLUtil;
 
 public class ConnectServiceUtil {
     private final static String URL_CONNECT_SERVER = BrandingConstants.CONNECT_SERVER_URL;
@@ -258,11 +262,14 @@ public static boolean sendStatistics(String serverId, String mirthVersion, boole
     }
 
     private static CloseableHttpClient getClient(String[] protocols, String[] cipherSuites) {
-        BasicHttpClientConnectionManager httpClientConnectionManager = new BasicHttpClientConnectionManager();
+        RegistryBuilder<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory> create();
+        String[] enabledProtocols = MirthSSLUtil.getEnabledHttpsProtocols(protocols);
+        String[] enabledCipherSuites = MirthSSLUtil.getEnabledHttpsCipherSuites(cipherSuites);
+        SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(SSLContexts.createSystemDefault(), enabledProtocols, enabledCipherSuites, SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
+        socketFactoryRegistry.register("https", sslConnectionSocketFactory);
+
+        BasicHttpClientConnectionManager httpClientConnectionManager = new BasicHttpClientConnectionManager(socketFactoryRegistry.build());
         httpClientConnectionManager.setSocketConfig(SocketConfig.custom().setSoTimeout(TIMEOUT).build());
-        return HttpClients.custom()
-            .useSystemProperties()
-            .setConnectionManager(httpClientConnectionManager)
-            .build();
+        return HttpClients.custom().setConnectionManager(httpClientConnectionManager).build();
     }
 }
