From f4eb730de499660f8f8eeabdd2a703e545d35aca Mon Sep 17 00:00:00 2001
From: mouadh-dev <mouadh.laa@gmail.com>
Date: Mon, 23 Mar 2026 17:16:07 +0100
Subject: [PATCH]  Fix: Add configurable TLS version support to PusherOptions

---
 build.gradle                                  | 50 ++-----------------
 gradle/wrapper/gradle-wrapper.properties      |  2 +-
 .../java/com/pusher/client/PusherOptions.java | 10 ++++
 .../websocket/WebSocketClientWrapper.java     |  4 +-
 .../client/util/BaseHttpAuthClient.java       | 15 ++++++
 .../java/com/pusher/client/util/Factory.java  |  4 +-
 .../java/com/pusher/client/EndToEndTest.java  |  2 +-
 .../client/TestWebSocketClientWrapper.java    |  6 +--
 .../websocket/WebSocketClientWrapperTest.java |  2 +-
 9 files changed, 39 insertions(+), 56 deletions(-)

diff --git a/build.gradle b/build.gradle
index 8a23bcf4..8329000c 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,32 +1,12 @@
-import org.apache.tools.ant.filters.ReplaceTokens
-
-buildscript {
-    repositories {
-        mavenCentral()
-    }
-    dependencies {
-        classpath 'org.ajoberstar:gradle-git:1.1.0'
-    }
-}
-
 plugins {
     id "eclipse"
     id "jacoco"
     id "java-library"
     id "maven-publish"
-    id "org.ajoberstar.github-pages" version "1.7.2"
-    id "signing"
-}
-
-def getProperty = { property ->
-    if (!project.hasProperty(property)) {
-        throw new GradleException("${property} property must be set")
-    }
-    return project.property(property)
 }
 
 group = "com.pusher"
-version = "2.4.4"
+version = "2.4.5"
 sourceCompatibility = "1.8"
 targetCompatibility = "1.8"
 
@@ -55,6 +35,7 @@ dependencies {
     testImplementation "com.google.truth:truth:1.0.1"
 }
 
+import org.apache.tools.ant.filters.ReplaceTokens
 
 processResources {
     filter(ReplaceTokens, tokens: [
@@ -62,13 +43,9 @@ processResources {
     ])
 }
 
-
 javadoc {
-    /* info for JavaDoc options http://docs.oracle.com/javase/6/docs/technotes/tools/windows/javadoc.html#overviewcomment */
     title "Pusher Java Websocket API"
     options.overview = file("src/main/javadoc/overview.html")
-    // uncomment this to use the custom javadoc styles
-    //options.stylesheetFile = file("src/main/javadoc/css/styles.css")
     exclude "com/pusher/client/channel/impl/*"
     exclude "com/pusher/client/connection/impl/*"
     exclude "com/pusher/client/connection/websocket/*"
@@ -79,7 +56,6 @@ javadoc {
     options.linkSource = true
 }
 
-
 jar {
     manifest = project.manifest {
         from sharedManifest
@@ -97,32 +73,18 @@ task fatJar(type: Jar, dependsOn: configurations.runtimeClasspath) {
 }
 assemble.dependsOn fatJar
 
-
 task sourcesJar(type: Jar, dependsOn: classes) {
     archiveClassifier.set('sources')
     from sourceSets.main.allSource
 }
 assemble.dependsOn sourcesJar
 
-
 task javadocJar(type: Jar, dependsOn: javadoc) {
     archiveClassifier.set('javadoc')
     from javadoc.destinationDir
 }
 assemble.dependsOn javadocJar
 
-githubPages {
-    repoUri = 'https://github.com/pusher/pusher-websocket-java.git'
-    pages {
-        from javadoc.outputs.files
-    }
-    commitMessage = "JavaDoc gh-pages for ${version}"
-    credentials {
-        username = { getProperty("github.username") }
-        password = { getProperty("github.password") }
-    }
-}
-
 artifacts {
     archives jar, fatJar, sourcesJar, javadocJar
 }
@@ -136,7 +98,6 @@ publishing {
     publications {
         mavenJava(MavenPublication) {
             artifactId = 'pusher-java-client'
-
             from components.java
             pom {
                 name = 'Pusher Java Client Library'
@@ -187,10 +148,6 @@ publishing {
     }
 }
 
-signing {
-    sign publishing.publications.mavenJava
-}
-
 jacoco {
     toolVersion = "0.8.8"
 }
@@ -201,9 +158,8 @@ jacocoTestReport {
     reports.csv.required = false
 }
 
-// Test Logging - https://stackoverflow.com/a/42425815/2623314
 test {
     testLogging {
         showStandardStreams = true
     }
-}
+}
\ No newline at end of file
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index e750102e..3ae1e2f1 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/src/main/java/com/pusher/client/PusherOptions.java b/src/main/java/com/pusher/client/PusherOptions.java
index 07b520f6..e6aa371f 100644
--- a/src/main/java/com/pusher/client/PusherOptions.java
+++ b/src/main/java/com/pusher/client/PusherOptions.java
@@ -10,6 +10,7 @@
  */
 public class PusherOptions {
 
+    private String tlsVersion = "TLS";
     private static final String SRC_LIB_DEV_VERSION = "@version@";
     private static final String LIB_DEV_VERSION = "0.0.0-dev";
     public static final String LIB_VERSION = readVersionFromProperties();
@@ -44,6 +45,15 @@ public class PusherOptions {
     private int maxReconnectionAttempts = MAX_RECONNECTION_ATTEMPTS;
     private int maxReconnectGapInSeconds = MAX_RECONNECT_GAP_IN_SECONDS;
 
+    public PusherOptions setTlsVersion(String tlsVersion) {
+        this.tlsVersion = tlsVersion;
+        return this;
+    }
+
+    public String getTlsVersion() {
+        return tlsVersion;
+    }
+
     /**
      * @deprecated Please use isUseTLS
      */
diff --git a/src/main/java/com/pusher/client/connection/websocket/WebSocketClientWrapper.java b/src/main/java/com/pusher/client/connection/websocket/WebSocketClientWrapper.java
index dce87736..be64700f 100644
--- a/src/main/java/com/pusher/client/connection/websocket/WebSocketClientWrapper.java
+++ b/src/main/java/com/pusher/client/connection/websocket/WebSocketClientWrapper.java
@@ -24,12 +24,12 @@ public class WebSocketClientWrapper extends WebSocketClient {
     private static final String WSS_SCHEME = "wss";
     private WebSocketListener webSocketListener;
 
-    public WebSocketClientWrapper(final URI uri, final Proxy proxy, final WebSocketListener webSocketListener)
+    public WebSocketClientWrapper(final URI uri, final Proxy proxy, final WebSocketListener webSocketListener, String tlsVersion)
             throws SSLException {
         super(uri);
         if (uri.getScheme().equals(WSS_SCHEME)) {
             try {
-                SSLContext sslContext = SSLContext.getInstance("TLS");
+                SSLContext sslContext = SSLContext.getInstance(tlsVersion);
                 sslContext.init(null, null, null); // will use java's default
                 // key and trust store which
                 // is sufficient unless you
diff --git a/src/main/java/com/pusher/client/util/BaseHttpAuthClient.java b/src/main/java/com/pusher/client/util/BaseHttpAuthClient.java
index 1a82845e..fdb68eae 100644
--- a/src/main/java/com/pusher/client/util/BaseHttpAuthClient.java
+++ b/src/main/java/com/pusher/client/util/BaseHttpAuthClient.java
@@ -1,5 +1,6 @@
 package com.pusher.client.util;
 
+import javax.net.ssl.SSLSocketFactory;
 import java.io.BufferedReader;
 import java.io.DataOutputStream;
 import java.io.IOException;
@@ -22,6 +23,7 @@ abstract class BaseHttpAuthClient {
     private final URL endPoint;
     private Map<String, String> mHeaders = new HashMap<>();
     protected ConnectionFactory mConnectionFactory;
+    protected SSLSocketFactory mSslSocketFactory = null;
 
     /**
      * Creates a new auth client.
@@ -61,6 +63,15 @@ public void setHeaders(final Map<String, String> headers) {
         mHeaders = headers;
     }
 
+    /**
+     * Set the SSL socket factory that is used for the connection. This allows to
+     * configure custom certificate handling (self-signed certificates, mutual TLS, ...)
+     * @param sslSocketFactory The SSL socket factory to use
+     */
+    public void setSslSocketFactory(final SSLSocketFactory sslSocketFactory) {
+        mSslSocketFactory = sslSocketFactory;
+    }
+
     /**
      * Identifies if the HTTP request will be sent over HTTPS.
      *
@@ -92,6 +103,10 @@ protected String performAuthRequest() {
             HttpURLConnection connection;
             if (isSSL()) {
                 connection = (HttpsURLConnection) endPoint.openConnection();
+                if(mSslSocketFactory != null) {
+                    ((HttpsURLConnection) connection)
+                            .setSSLSocketFactory(mSslSocketFactory);
+                }
             } else {
                 connection = (HttpURLConnection) endPoint.openConnection();
             }
diff --git a/src/main/java/com/pusher/client/util/Factory.java b/src/main/java/com/pusher/client/util/Factory.java
index 98f21209..43a6fe26 100644
--- a/src/main/java/com/pusher/client/util/Factory.java
+++ b/src/main/java/com/pusher/client/util/Factory.java
@@ -51,6 +51,7 @@ public class Factory {
     private ExecutorService eventQueue;
     private ScheduledExecutorService timers;
     private static final Object eventLock = new Object();
+    private String tlsVersion = "TLS";
 
     public synchronized InternalConnection getConnection(
             final String apiKey,
@@ -58,6 +59,7 @@ public synchronized InternalConnection getConnection(
             final Consumer<PusherEvent> eventHandler
     ) {
         if (connection == null) {
+            tlsVersion = options.getTlsVersion(); // ← add this line
             try {
                 connection =
                         new WebSocketConnection(
@@ -82,7 +84,7 @@ public WebSocketClientWrapper newWebSocketClientWrapper(
             final Proxy proxy,
             final WebSocketListener webSocketListener
     ) throws SSLException {
-        return new WebSocketClientWrapper(uri, proxy, webSocketListener);
+        return new WebSocketClientWrapper(uri, proxy, webSocketListener, tlsVersion); // ← use field
     }
 
     public synchronized ScheduledExecutorService getTimers() {
diff --git a/src/test/java/com/pusher/client/EndToEndTest.java b/src/test/java/com/pusher/client/EndToEndTest.java
index d4524175..0bad9792 100644
--- a/src/test/java/com/pusher/client/EndToEndTest.java
+++ b/src/test/java/com/pusher/client/EndToEndTest.java
@@ -111,7 +111,7 @@ public WebSocketClientWrapper answer(final InvocationOnMock invocation) throws T
                                 final URI uri = (URI) invocation.getArguments()[0];
                                 final Proxy proxy = (Proxy) invocation.getArguments()[1];
                                 final WebSocketListener webSocketListener = (WebSocketListener) invocation.getArguments()[2];
-                                testWebsocket = new TestWebSocketClientWrapper(uri, proxy, webSocketListener);
+                                testWebsocket = new TestWebSocketClientWrapper(uri, proxy, webSocketListener, "TLSv1.3");
                                 return testWebsocket;
                             }
                         }
diff --git a/src/test/java/com/pusher/client/TestWebSocketClientWrapper.java b/src/test/java/com/pusher/client/TestWebSocketClientWrapper.java
index b2598d4c..a4569289 100644
--- a/src/test/java/com/pusher/client/TestWebSocketClientWrapper.java
+++ b/src/test/java/com/pusher/client/TestWebSocketClientWrapper.java
@@ -17,12 +17,12 @@
 
 public class TestWebSocketClientWrapper extends WebSocketClientWrapper {
 
-    private final List<String> messagesSent = new ArrayList<String>();
+    private final List<String> messagesSent = new ArrayList<>();
     private boolean connectCalled = false;
 
-    public TestWebSocketClientWrapper(final URI uri, final Proxy proxy, final WebSocketListener webSocketListener)
+    public TestWebSocketClientWrapper(final URI uri, final Proxy proxy, final WebSocketListener webSocketListener, String tlsVersion)
             throws SSLException {
-        super(uri, proxy, webSocketListener);
+        super(uri, proxy, webSocketListener, tlsVersion);
     }
 
     void assertConnectCalled() {
diff --git a/src/test/java/com/pusher/client/connection/websocket/WebSocketClientWrapperTest.java b/src/test/java/com/pusher/client/connection/websocket/WebSocketClientWrapperTest.java
index 6fc2a5c1..d894a83a 100644
--- a/src/test/java/com/pusher/client/connection/websocket/WebSocketClientWrapperTest.java
+++ b/src/test/java/com/pusher/client/connection/websocket/WebSocketClientWrapperTest.java
@@ -31,7 +31,7 @@ public class WebSocketClientWrapperTest {
 
     @Before
     public void setUp() throws URISyntaxException, SSLException {
-        wrapper = new WebSocketClientWrapper(new URI("http://www.test.com"), mockProxy, mockListener);
+        wrapper = new WebSocketClientWrapper(new URI("http://www.test.com"), mockProxy, mockListener,"TLSV13");
     }
 
     @Test