HttpClient
implementations should not be used JAVA-S1067The DefaultHttpClient
class has been deprecated since Apache httpclient library version 4.3
. Avoid using it, as it does not make use of the latest TLS standard, leading to the possibility of a MiTM (Man in The Middle) attack.
HttpClient client = new DefaultHttpClient();
There are a number of alternatives you can use instead.
Set the http.protocols
system property to take advantage of the latest TLS version:
java ... -Dhttps.protocols=TLSv1.2,TLSv1.3
Now, you can make use of one of the following alternatives to create a suitable HttpClient
.
HttpClient client = HttpClients.createSystem();
HttpClient client = HttpClientBuilder.create().useSystemProperties().build();