pekko/akka-docs-dev/rst/scala/http/client-side/https-support.rst

.. _clientSideHTTPS:

Client-Side HTTPS Support
=========================

Akka HTTP supports TLS encryption on the client-side as well as on the :ref:`server-side <serverSideHTTPS>`.

The central vehicle for configuring encryption is the ``HttpsContext``, which is defined as such:

.. includecode2:: /../../akka-http-core/src/main/scala/akka/http/scaladsl/Http.scala
   :snippet: https-context-impl

In addition to the ``outgoingConnection``, ``newHostConnectionPool`` and ``cachedHostConnectionPool`` methods the
`akka.http.scaladsl.Http`_ extension also defines ``outgoingConnectionTls``, ``newHostConnectionPoolTls`` and
``cachedHostConnectionPoolTls``. These methods work identically to their counterparts without the ``-Tls`` suffix,
with the exception that all connections will always be encrypted.

The ``singleRequest`` and ``superPool`` methods determine the encryption state via the scheme of the incoming request,
i.e. requests to an "https" URI will be encrypted, while requests to an "http" URI won't.

The encryption configuration for all HTTPS connections, i.e. the ``HttpsContext`` is determined according to the
following logic:

1. If the optional ``httpsContext`` method parameter is defined it contains the configuration to be used (and thus
   takes precedence over any potentially set default client-side ``HttpsContext``).

2. If the optional ``httpsContext`` method parameter is undefined (which is the default) the default client-side
   ``HttpsContext`` is used, which can be set via the ``setDefaultClientHttpsContext`` on the ``Http`` extension.

3. If no default client-side ``HttpsContext`` has been set via the ``setDefaultClientHttpsContext`` on the ``Http``
   extension the default system configuration is used.

Usually the process is, if the default system TLS configuration is not good enough for your application's needs,
that you configure a custom ``HttpsContext`` instance and set it via ``Http().setDefaultClientHttpsContext``.
Afterwards you simply use ``outgoingConnectionTls``, ``newHostConnectionPoolTls``, ``cachedHostConnectionPoolTls``,
``superPool`` or ``singleRequest`` without a specific ``httpsContext`` argument, which causes encrypted connections
to rely on the configured default client-side ``HttpsContext``.


.. _akka.http.scaladsl.Http: @github@/akka-http-core/src/main/scala/akka/http/scaladsl/Http.scala
=doc add client- and server-side HTTPS section for scala 2015-06-19 16:39:12 +02:00			`.. _clientSideHTTPS:`

=doc Significantly extend HTTP documentation with new content and ports from spray docs 2015-05-11 23:05:18 +02:00			`Client-Side HTTPS Support`
			`=========================`

=doc add client- and server-side HTTPS section for scala 2015-06-19 16:39:12 +02:00			Akka HTTP supports TLS encryption on the client-side as well as on the :ref:`server-side <serverSideHTTPS>`.

			The central vehicle for configuring encryption is the ``HttpsContext``, which is defined as such:

			`.. includecode2:: /../../akka-http-core/src/main/scala/akka/http/scaladsl/Http.scala`
			`:snippet: https-context-impl`

			In addition to the ``outgoingConnection``, ``newHostConnectionPool`` and ``cachedHostConnectionPool`` methods the
			`akka.http.scaladsl.Http`_ extension also defines ``outgoingConnectionTls``, ``newHostConnectionPoolTls`` and
			``cachedHostConnectionPoolTls``. These methods work identically to their counterparts without the ``-Tls`` suffix,
			`with the exception that all connections will always be encrypted.`

			The ``singleRequest`` and ``superPool`` methods determine the encryption state via the scheme of the incoming request,
			`i.e. requests to an "https" URI will be encrypted, while requests to an "http" URI won't.`

			The encryption configuration for all HTTPS connections, i.e. the ``HttpsContext`` is determined according to the
			`following logic:`

+doc #18012 port client-side https documentation to the java-side 2015-07-20 11:14:25 +02:00			1. If the optional ``httpsContext`` method parameter is defined it contains the configuration to be used (and thus
=doc add client- and server-side HTTPS section for scala 2015-06-19 16:39:12 +02:00			takes precedence over any potentially set default client-side ``HttpsContext``).

+doc #18012 port client-side https documentation to the java-side 2015-07-20 11:14:25 +02:00			2. If the optional ``httpsContext`` method parameter is undefined (which is the default) the default client-side
=doc add client- and server-side HTTPS section for scala 2015-06-19 16:39:12 +02:00			``HttpsContext`` is used, which can be set via the ``setDefaultClientHttpsContext`` on the ``Http`` extension.

			3. If no default client-side ``HttpsContext`` has been set via the ``setDefaultClientHttpsContext`` on the ``Http``
			`extension the default system configuration is used.`

			`Usually the process is, if the default system TLS configuration is not good enough for your application's needs,`
			that you configure a custom ``HttpsContext`` instance and set it via ``Http().setDefaultClientHttpsContext``.
			Afterwards you simply use ``outgoingConnectionTls``, ``newHostConnectionPoolTls``, ``cachedHostConnectionPoolTls``,
+doc #18012 port client-side https documentation to the java-side 2015-07-20 11:14:25 +02:00			``superPool`` or ``singleRequest`` without a specific ``httpsContext`` argument, which causes encrypted connections
=doc add client- and server-side HTTPS section for scala 2015-06-19 16:39:12 +02:00			to rely on the configured default client-side ``HttpsContext``.


			`.. _akka.http.scaladsl.Http: @github@/akka-http-core/src/main/scala/akka/http/scaladsl/Http.scala`