Java 8 如何使用javax.net.ssl.SSLContext设置密码套件
在使用java8的spring引导应用程序中,我将httpClient连接的底层SSLConext设置如下:Java 8 如何使用javax.net.ssl.SSLContext设置密码套件,java-8,apache-httpclient-4.x,sslcontext,Java 8,Apache Httpclient 4.x,Sslcontext,在使用java8的spring引导应用程序中,我将httpClient连接的底层SSLConext设置如下: import javax.net.ssl.SSLContext; SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); sslContext.init(null, null, null); CloseableHttpClient httpClient = HttpClientBuilder
import javax.net.ssl.SSLContext;
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, null, null);
CloseableHttpClient httpClient = HttpClientBuilder
.create()
.setConnectionManager(myConnectionManager)
.setDefaultRequestConfig(rqConfig)
.setSSLContext(sslContext)
.build();
我需要将底层TLS1.2安全连接的密码套件设置为我选择的更强的密码套件。我在代码中创建sslContext的方式无法实现这一点
有人能帮我用sslContext设置密码套件吗
===================更新=================
This is how I have now created my HttpClient
CloseableHttpClient httpClient = HttpClientBuilder
.create()
.setConnectionManager(myConnectionManager)
.setDefaultRequestConfig(rqConfig)
.setSSLSocketFactory(new SSLConnectionSocketFactory(
SSLContexts.createSystemDefault(),
new String[]{"TLSv1.2"},
new String[] {"some-gibberish-cipher-suite"},
SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
.build();
创建自定义
SSLConnectionSocketFactory
实例时,可以指定首选TLS协议版本和自定义密码
CloseableHttpClient client = HttpClients.custom()
.setSSLSocketFactory(new SSLConnectionSocketFactory(
SSLContexts.createSystemDefault(),
new String[]{"TLSv1.2"},
new String[] {"TLS_RSA_WITH_AES_256_CBC_SHA256"},
SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
.build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://httpbin.org/"))) {
System.out.println(response.getStatusLine());
HttpEntity entity = response.getEntity();
EntityUtils.consume(entity);
}
或者,可以使用所需的SSL配置创建自定义PoollightTPClientConnectionManager
实例
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", new SSLConnectionSocketFactory(
SSLContexts.createSystemDefault(),
new String[]{"TLSv1.2"},
new String[]{"TLS_RSA_WITH_AES_256_CBC_SHA256"},
SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
.build());
CloseableHttpClient client = HttpClients.custom()
.setConnectionManager(cm)
.build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://httpbin.org/"))) {
System.out.println(response.getStatusLine());
HttpEntity entity = response.getEntity();
EntityUtils.consume(entity);
}
poolighttpclientconnectionmanager cm=new-poolighttpclientconnectionmanager(RegistryBuilder.create())
.register(“http”,PlainConnectionSocketFactory.getSocketFactory())
.register(“https”),新的SSLConnectionSocketFactory(
SSLContexts.createSystemDefault(),
新字符串[]{“TLSv1.2”},
新字符串[]{“TLS_RSA_WITH_AES_256_CBC_SHA256”},
SSLConnectionSocketFactory.getDefaultHostnameVerifier())
.build());
CloseableHttpClient=HttpClients.custom()
.setConnectionManager(cm)
.build();
try(CloseableHttpResponse response=client.execute(新建HttpGet(“https://httpbin.org/"))) {
System.out.println(response.getStatusLine());
HttpEntity=response.getEntity();
EntityUtils.consume(实体);
}
为什么当我输入任何关于密码的胡言乱语时,它工作正常,并且我从服务器得到了有效的响应。TLS框架是否对TLS调用中使用的密码套件进行了任何类型的验证?您正在做一些错误的事情,例如通过使用#setConnectionManager
设置连接管理器来放弃所有SSL自定义。请参阅HttpClientBuilder
javadoc。请检查我在本文中的更新以查看我当前拥有的代码。我的代码中的connectionManager似乎将覆盖sslconnectionSocketFactory。有什么方法可以同时使用这两种方法,还是可以分别使用connectionManager设置密码套件?请阅读HttpClientBuilder
的javadoc<代码>#SetssSocketFactory无效,因为#setConnectionManager
设置了完全初始化的连接管理器。顺便说一下;-)