To support higher TLS Version

[vijayakumaroorappan]

currently to get the jwk keys from discovery URL(https://login.microsoftonline.com/tenentID/discovery/v2.0/keys). It creates default URLConnection and TLS.
How we can create customized TLS connection. My server is disabled TLSv1 and TLSv1.1.
class:
public class UrlJwkProvider implements JwkProvider {
method:
private Map<String, Object> getJwks() throws SigningKeyNotFoundException {

URLConnection connection = (URLConnection) url.openConnection();

Something similar like this.
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();

SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, null, new java.security.SecureRandom());

[shivaniy24]

Hi

how can I add multiple prtocols instead of just one ?
this SSLContext.getInstance("TLSv1.2") allows since protocol only.
I have a list SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3 which I want to be able to use instead of just one. Is that possible ?

[jimmyjames]

Thanks for raising this; I don't believe this is currently possible but this is something we should look into adding.

[tanya732]

Hi @vijayakumaroorappan

Thank you for your patience.

We’ve opened PR #256 to address this. It introduces a JwksHttpClient interface and a .httpClient() option on JwkProviderBuilder, allowing you to plug in your own HTTP client and fully control how JWKS are fetched.

This addresses the limitations around customizing the HTTP layer (e.g., TLS, proxies, headers).

Please take a look when you get a chance. If there are no concerns, we’ll proceed with merging and releasing shortly.

Thank you

[tanya732]

Hi @vijayakumaroorappan

The fix has been merged via PR #256 and released in v0.24.0. The release is available on here.

Closing this issue. Feel free to ping here in case of any issues and I'll be happy to reopen.

Thank you for your patience and for raising this!