Expose TLS protocol version setting when creating SSLContext?

[claj]

When comparing a reference implementation of an API integration in Java for porting it to Clojure and using hato, there are some settings that cannot be set through the ->SSLContext function, namely the TLS version (defaults to "TLS" in hato, I would like to be able to set it to "TLSv1.2" in this particular case).

Would it be welcome to add an optional key named :protocol in the hato.client/->SSLContext function - and specify that is optional key means the version of the TLS-protocol the documentation, defaults to "TLS"?

[gnarroway]

Hi, thanks for your interest. I don't mind a PR for this. Please include a test and readme.

For completeness just noting some options:

• You can also adjust it via java opts (jdk.tls.client.protocols and related) though that has broader impact.
• You can also pass in a manually constructed SslContext, but that is less convenient.
• Trying to set the protocol in the SslContext (via getInstance) seems to also have nuances (e.g. setting it to "TLSv1.2" will not prevent other TLS versions). But if passing in a manually constructed SslContext with the protocol set makes it work for you, then supporting this option should be fine.

[claj]

I'm still on this, but has been busy with other things. There will be a at least two weeks more until I'm done.