DefaultHttpClient with default constructor is not secure

Metadata

ID: java-security/default-http-client-def-cons

Language: Java

Severity: Notice

Category: Security

Description

DefaultHttpClient with default constructor is not compatible with TLS 1.2. Make sure your HTTP client support advanced encryption protocols.

Learn more

Non-Compliant Code Examples

public Class {

    public void foobar(){
        HttpClient client = new DefaultHttpClient();
    }
}

Compliant Code Examples

public Class {

    public void foobar() {
        HttpClient client1 = HttpClients.createSystem();
        HttpClient client = HttpClientBuilder.create().useSystemProperties().build();
    }
}