Java SSL Proxy Examples
Complete guide with working examples for configuring SSL proxy in Java using HttpURLConnection, Apache HttpClient, and OkHttp libraries
HttpURLConnection
Apache HttpClient
OkHttp
HTTPS Proxy
What is an SSL Proxy?
An SSL proxy is a proxy server that handles encrypted HTTPS connections. When you make HTTP requests through an SSL proxy, the proxy terminates the SSL connection, processes the request, and establishes a new SSL connection to the target server.
Use Case: SSL proxies are commonly used for security compliance, IP whitelisting, and maintaining consistent IP addresses for API access.
HttpURLConnection (Built-in)
Basic SSL Proxy Configuration
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.util.Base64;
public class SSLProxyExample {
private static final String PROXY_HOST = "proxy.outboundgateway.com";
private static final int PROXY_PORT = 443;
private static final String PROXY_USER = "your_username";
private static final String PROXY_PASS = "your_password";
public static void main(String[] args) {
try {
// Create proxy object
Proxy proxy = new Proxy(Proxy.Type.HTTP,
new InetSocketAddress(PROXY_HOST, PROXY_PORT));
// Target URL
URL url = new URL("https://httpbin.org/ip");
// Create connection with proxy
HttpURLConnection connection = (HttpURLConnection) url.openConnection(proxy);
// Set proxy authentication
String auth = PROXY_USER + ":" + PROXY_PASS;
String encodedAuth = Base64.getEncoder().encodeToString(auth.getBytes());
connection.setRequestProperty("Proxy-Authorization", "Basic " + encodedAuth);
// Configure connection
connection.setRequestMethod("GET");
connection.setConnectTimeout(10000); // 10 seconds
connection.setReadTimeout(10000); // 10 seconds
// Get response
int responseCode = connection.getResponseCode();
System.out.println("Response Code: " + responseCode);
if (responseCode == 200) {
BufferedReader in = new BufferedReader(
new InputStreamReader(connection.getInputStream()));
String inputLine;
StringBuilder response = new StringBuilder();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println("Response: " + response.toString());
}
connection.disconnect();
} catch (Exception e) {
e.printStackTrace();
}
}
}Advanced SSL Configuration
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class AdvancedSSLProxyExample {
private static final String PROXY_HOST = "proxy.outboundgateway.com";
private static final int PROXY_PORT = 443;
private static final String PROXY_USER = "your_username";
private static final String PROXY_PASS = "your_password";
public static void main(String[] args) {
try {
// Create custom SSL context (for development only)
SSLContext sslContext = createTrustAllSSLContext();
// Create proxy object
Proxy proxy = new Proxy(Proxy.Type.HTTP,
new InetSocketAddress(PROXY_HOST, PROXY_PORT));
// Target URL
URL url = new URL("https://httpbin.org/ip");
// Create HTTPS connection with proxy
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(proxy);
// Set SSL context
connection.setSSLSocketFactory(sslContext.getSocketFactory());
// Set proxy authentication
String auth = PROXY_USER + ":" + PROXY_PASS;
String encodedAuth = Base64.getEncoder().encodeToString(auth.getBytes());
connection.setRequestProperty("Proxy-Authorization", "Basic " + encodedAuth);
// Configure connection
connection.setRequestMethod("GET");
connection.setConnectTimeout(15000);
connection.setReadTimeout(15000);
connection.setHostnameVerifier((hostname, session) -> true); // Only for development
// Get response
int responseCode = connection.getResponseCode();
System.out.println("Response Code: " + responseCode);
if (responseCode == 200) {
BufferedReader in = new BufferedReader(
new InputStreamReader(connection.getInputStream()));
String inputLine;
StringBuilder response = new StringBuilder();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println("Response: " + response.toString());
}
connection.disconnect();
} catch (Exception e) {
e.printStackTrace();
}
}
private static SSLContext createTrustAllSSLContext() throws Exception {
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
return sslContext;
}
}Apache HttpClient (Popular Choice)
Basic SSL Proxy Configuration
Maven Dependency: Add this to your pom.xml
<dependency>
<groupId>org.apache.httpcomponents.client5</groupId>
<artifactId>httpclient5</artifactId>
<version>5.2.3</version>
</dependency>import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.ssl.SSLContexts;
import org.apache.hc.core5.util.TimeValue;
import javax.net.ssl.SSLContext;
import java.util.concurrent.TimeUnit;
public class ApacheHttpClientProxyExample {
private static final String PROXY_HOST = "proxy.outboundgateway.com";
private static final int PROXY_PORT = 443;
private static final String PROXY_USER = "your_username";
private static final String PROXY_PASS = "your_password";
public static void main(String[] args) {
try {
// Create SSL context
SSLContext sslContext = SSLContexts.createDefault();
// Create SSL socket factory
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
sslContext,
new String[]{"TLSv1.2", "TLSv1.3"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier()
);
// Create connection manager with connection pooling
PoolingHttpClientConnectionManager connectionManager =
PoolingHttpClientConnectionManagerBuilder.create()
.setSSLSocketFactory(sslSocketFactory)
.setMaxConnTotal(100)
.setMaxConnPerRoute(20)
.build();
// Create request config with proxy
RequestConfig requestConfig = RequestConfig.custom()
.setProxy(new HttpHost(PROXY_HOST, PROXY_PORT))
.setConnectTimeout(15000, TimeUnit.MILLISECONDS)
.setResponseTimeout(15000, TimeUnit.MILLISECONDS)
.build();
// Create HTTP client with proxy credentials
try (CloseableHttpClient httpClient = HttpClients.custom()
.setConnectionManager(connectionManager)
.setDefaultRequestConfig(requestConfig)
.setProxyAuthenticationStrategy(new org.apache.hc.client5.http.auth.CredentialsProvider() {
@Override
public org.apache.hc.client5.http.auth.Credentials getCredentials(
org.apache.hc.client5.http.auth.AuthScope authScope,
org.apache.hc.client5.http.protocol.HttpContext context) {
return new org.apache.hc.client5.http.auth.UsernamePasswordCredentials(
PROXY_USER, PROXY_PASS.toCharArray());
}
})
.build()) {
// Create HTTP GET request
HttpGet httpGet = new HttpGet("https://httpbin.org/ip");
// Execute request
try (CloseableHttpResponse response = httpClient.execute(httpGet)) {
System.out.println("Response Code: " + response.getCode());
String responseBody = EntityUtils.toString(response.getEntity());
System.out.println("Response: " + responseBody);
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
}Advanced Configuration with Retry Strategy
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.impl.routing.DefaultProxyRoutePlanner;
import org.apache.hc.client5.http.routing.HttpRoutePlanner;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.ssl.SSLContexts;
import org.apache.hc.core5.util.TimeValue;
import org.apache.hc.client5.http.ServiceUnavailableRetryStrategy;
import javax.net.ssl.SSLContext;
import java.util.concurrent.TimeUnit;
public class AdvancedApacheHttpClientProxy {
private static final String PROXY_HOST = "proxy.outboundgateway.com";
private static final int PROXY_PORT = 443;
private static final String PROXY_USER = "your_username";
private static final String PROXY_PASS = "your_password";
public static void main(String[] args) {
try {
// Create SSL context
SSLContext sslContext = SSLContexts.createDefault();
// Create SSL socket factory
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
sslContext,
new String[]{"TLSv1.2", "TLSv1.3"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier()
);
// Create connection manager
PoolingHttpClientConnectionManager connectionManager =
PoolingHttpClientConnectionManagerBuilder.create()
.setSSLSocketFactory(sslSocketFactory)
.setMaxConnTotal(200)
.setMaxConnPerRoute(50)
.setConnectionTimeToLive(TimeValue.ofMinutes(5))
.build();
// Create proxy host
HttpHost proxy = new HttpHost(PROXY_HOST, PROXY_PORT);
// Create route planner
HttpRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxy);
// Create retry strategy
ServiceUnavailableRetryStrategy retryStrategy = new ServiceUnavailableRetryStrategy() {
@Override
public boolean retryRequest(org.apache.hc.core5.http.HttpResponse response,
int executionCount, org.apache.hc.core5.http.protocol.HttpContext context) {
return executionCount <= 3 &&
response.getCode() >= 500 &&
response.getCode() <= 599;
}
@Override
public long getRetryInterval() {
return 2000; // 2 seconds
}
};
// Create credentials provider
org.apache.hc.client5.http.auth.CredentialsProvider credentialsProvider =
new org.apache.hc.client5.http.auth.BasicCredentialsProvider();
credentialsProvider.setCredentials(
new org.apache.hc.client5.http.auth.AuthScope(PROXY_HOST, PROXY_PORT),
new org.apache.hc.client5.http.auth.UsernamePasswordCredentials(
PROXY_USER, PROXY_PASS.toCharArray())
);
// Create HTTP client
try (CloseableHttpClient httpClient = HttpClients.custom()
.setConnectionManager(connectionManager)
.setRoutePlanner(routePlanner)
.setDefaultCredentialsProvider(credentialsProvider)
.setServiceUnavailableRetryStrategy(retryStrategy)
.build()) {
// Create HTTP GET request
HttpGet httpGet = new HttpGet("https://httpbin.org/ip");
// Execute request
try (CloseableHttpResponse response = httpClient.execute(httpGet)) {
System.out.println("Response Code: " + response.getCode());
String responseBody = EntityUtils.toString(response.getEntity());
System.out.println("Response: " + responseBody);
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
}OkHttp (Modern & Efficient)
Basic SSL Proxy Configuration
Dependencies: Add one of these to your build configuration
# Gradle
implementation 'com.squareup.okhttp3:okhttp:4.12.0'
# Maven
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>4.12.0</version>
</dependency>import okhttp3.*;
import java.io.IOException;
import java.util.concurrent.TimeUnit;
public class OkHttpProxyExample {
private static final String PROXY_HOST = "proxy.outboundgateway.com";
private static final int PROXY_PORT = 443;
private static final String PROXY_USER = "your_username";
private static final String PROXY_PASS = "your_password";
public static void main(String[] args) {
try {
// Create proxy object
java.net.Proxy proxy = new java.net.Proxy(
java.net.Proxy.Type.HTTP,
new java.net.InetSocketAddress(PROXY_HOST, PROXY_PORT)
);
// Create authenticator for proxy
Authenticator proxyAuthenticator = (route, response) -> {
String credential = Credentials.basic(PROXY_USER, PROXY_PASS);
return response.request().newBuilder()
.header("Proxy-Authorization", credential)
.build();
};
// Create OkHttpClient with proxy
OkHttpClient client = new OkHttpClient.Builder()
.proxy(proxy)
.proxyAuthenticator(proxyAuthenticator)
.connectTimeout(15, TimeUnit.SECONDS)
.readTimeout(15, TimeUnit.SECONDS)
.writeTimeout(15, TimeUnit.SECONDS)
.build();
// Create request
Request request = new Request.Builder()
.url("https://httpbin.org/ip")
.build();
// Execute request
try (Response response = client.newCall(request).execute()) {
System.out.println("Response Code: " + response.code());
if (response.isSuccessful()) {
String responseBody = response.body().string();
System.out.println("Response: " + responseBody);
} else {
System.out.println("Request failed: " + response.message());
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
}Advanced Configuration with Connection Pool and SSL
import okhttp3.*;
import javax.net.ssl.*;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
public class AdvancedOkHttpProxyExample {
private static final String PROXY_HOST = "proxy.outboundgateway.com";
private static final int PROXY_PORT = 443;
private static final String PROXY_USER = "your_username";
private static final String PROXY_PASS = "your_password";
public static void main(String[] args) {
try {
// Create connection pool
ConnectionPool connectionPool = new ConnectionPool(20, 5, TimeUnit.MINUTES);
// Create proxy object
java.net.Proxy proxy = new java.net.Proxy(
java.net.Proxy.Type.HTTP,
new java.net.InetSocketAddress(PROXY_HOST, PROXY_PORT)
);
// Create authenticator for proxy
Authenticator proxyAuthenticator = (route, response) -> {
String credential = Credentials.basic(PROXY_USER, PROXY_PASS);
return response.request().newBuilder()
.header("Proxy-Authorization", credential)
.build();
};
// Create SSL context for production (trust all certificates for development only)
SSLContext sslContext = createTrustAllSSLContext();
// Create SSL socket factory
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
// Create trust manager that trusts all certificates (development only)
X509TrustManager trustAllCerts = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
}
};
// Create OkHttpClient with advanced configuration
OkHttpClient client = new OkHttpClient.Builder()
.connectionPool(connectionPool)
.proxy(proxy)
.proxyAuthenticator(proxyAuthenticator)
.sslSocketFactory(sslSocketFactory, trustAllCerts)
.hostnameVerifier((hostname, session) -> true) // Only for development
.connectTimeout(30, TimeUnit.SECONDS)
.readTimeout(30, TimeUnit.SECONDS)
.writeTimeout(30, TimeUnit.SECONDS)
.callTimeout(60, TimeUnit.SECONDS)
.retryOnConnectionFailure(true)
.build();
// Create request
Request request = new Request.Builder()
.url("https://httpbin.org/ip")
.header("User-Agent", "MyJavaApp/1.0")
.build();
// Execute request
try (Response response = client.newCall(request).execute()) {
System.out.println("Response Code: " + response.code());
System.out.println("Response Message: " + response.message());
System.out.println("Response Headers: " + response.headers());
if (response.isSuccessful()) {
String responseBody = response.body().string();
System.out.println("Response: " + responseBody);
} else {
System.out.println("Request failed: " + response.code() + " " + response.message());
}
}
// Shutdown connection pool
connectionPool.evictAll();
} catch (Exception e) {
e.printStackTrace();
}
}
private static SSLContext createTrustAllSSLContext() throws Exception {
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
}
}
};
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
return sslContext;
}
}Async Example with Callbacks
import okhttp3.*;
import java.io.IOException;
public class AsyncOkHttpProxyExample {
private static final String PROXY_HOST = "proxy.outboundgateway.com";
private static final int PROXY_PORT = 443;
private static final String PROXY_USER = "your_username";
private static final String PROXY_PASS = "your_password";
public static void main(String[] args) {
try {
// Create proxy object
java.net.Proxy proxy = new java.net.Proxy(
java.net.Proxy.Type.HTTP,
new java.net.InetSocketAddress(PROXY_HOST, PROXY_PORT)
);
// Create authenticator for proxy
Authenticator proxyAuthenticator = (route, response) -> {
String credential = Credentials.basic(PROXY_USER, PROXY_PASS);
return response.request().newBuilder()
.header("Proxy-Authorization", credential)
.build();
};
// Create OkHttpClient
OkHttpClient client = new OkHttpClient.Builder()
.proxy(proxy)
.proxyAuthenticator(proxyAuthenticator)
.build();
// Create request
Request request = new Request.Builder()
.url("https://httpbin.org/ip")
.build();
// Execute async request
client.newCall(request).enqueue(new Callback() {
@Override
public void onFailure(Call call, IOException e) {
System.err.println("Request failed: " + e.getMessage());
e.printStackTrace();
}
@Override
public void onResponse(Call call, Response response) throws IOException {
try {
System.out.println("Response Code: " + response.code());
if (response.isSuccessful()) {
String responseBody = response.body().string();
System.out.println("Response: " + responseBody);
} else {
System.out.println("Request failed: " + response.code() + " " + response.message());
}
} finally {
response.close();
}
}
});
// Wait for async response (in real app, you'd use proper threading)
Thread.sleep(5000);
} catch (Exception e) {
e.printStackTrace();
}
}
}SSL Proxy Best Practices
1. Always Use HTTPS
Never send credentials or sensitive data over unencrypted connections when using proxies.
2. Use Connection Pooling
Reuse connections for better performance, especially for high-frequency API calls.
3. Set Proper Timeouts
Configure appropriate connection and read timeouts to prevent hanging connections.
4. Handle SSL Certificate Verification
Always verify SSL certificates in production. Disable verification only for development.
5. Implement Error Handling
Handle proxy authentication failures, SSL errors, and connection timeouts gracefully.
Common Issues and Solutions
SSLHandshakeException
Solution: Check SSL context configuration and ensure proper certificate trust chain.
407 Proxy Authentication Required
Solution: Verify proxy credentials and ensure proper Base64 encoding.
ConnectTimeoutException
Solution: Increase timeout values or check network connectivity to proxy server.
UnknownHostException
Solution: Ensure proxy server host can be resolved or use IP addresses directly.
Ready to Use SSL Proxy in Java?
Get your static SSL proxy IPs today and start making secure HTTPS connections with consistent IP addresses for compliance and security requirements.
Get Started with OutboundGatewayRelated SSL Proxy Guides
Python SSL Proxy
Complete Python examples using requests, urllib3, and aiohttp libraries.
View Python Guide →Node.js SSL Proxy
JavaScript/Node.js implementation with axios, fetch, and undici libraries.
View Node.js Guide →PHP SSL Proxy
Web-focused proxy configuration with cURL, Guzzle, and Symfony HTTP Client.
View PHP Guide →📖 Language Comparison: Looking for the best approach? Python offers excellent libraries like requests and aiohttp, while Node.js provides native async support. Java is ideal for enterprise applications, PHP works well for web applications, and cURL is perfect for shell scripting.