From 9ea16ad1d11172177b780f3113ce5a857634ab92 Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Thu, 11 Aug 2016 20:59:26 -0400
Subject: [PATCH] skipped patch for Java 1.6 & 1.7 if the JRE is at least 1.8 -
 see issue #523

---
 .../org/owasp/dependencycheck/utils/URLConnectionFactory.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
index bfbb52773..8a50a33cc 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
@@ -31,6 +31,8 @@ import java.net.URL;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import javax.net.ssl.HttpsURLConnection;
+import org.apache.commons.lang3.JavaVersion;
+import org.apache.commons.lang3.SystemUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -189,7 +191,7 @@ public final class URLConnectionFactory {
      * @param conn the connection
      */
     private static void configureTLS(URL url, HttpURLConnection conn) {
-        if ("https".equals(url.getProtocol())) {
+        if ("https".equals(url.getProtocol()) && !SystemUtils.isJavaVersionAtLeast(JavaVersion.JAVA_1_8)) {
             try {
                 final HttpsURLConnection secCon = (HttpsURLConnection) conn;
                 final SSLSocketFactoryEx factory = new SSLSocketFactoryEx();