Java: How to use Conscrypt with Apache HttpClient 5 to speed up TLS


What is the recommended way to use Conscrypt with Apache HttpClient 5?

I have tried adding the conscrypt-openjdk-uber-2.2.1.jar jar to my classpath and configuring my sslcontext as SSLContexts.custom().setProvider(Conscrypt.newProvider()), but when I test HttpClient with that sslcontext, it throws:

[main] INFO org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec - 
Recoverable I/O exception (java.net.NoRouteToHostException) caught when processing request to 
{s}->https://www.wikipedia.org:443

If I remove the custom setProvider line, it works fine (via regular JSSE).


I noticed that Conscrypt is listed as a dependency here: , so perhaps there is built-in support for Conscrypt that needs to be enabled somewhere?

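You do not actually need to do anything. HttpClient automatically detects Conscrypt and configures it as the provider for the asynchronous TLS layer on Java 1.7 and 1.8.

For all newer JREs, one can explicitly configure the connection manager to use a Conscrypt-based TLS strategy: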

PoolingAsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
        .setTlsStrategy(ConscryptClientTlsStrategy.getSystemDefault())
        .build();
CloseableHttpAsyncClient client = HttpAsyncClients.custom()
        .setVersionPolicy(HttpVersionPolicy.NEGOTIATE)
        .setConnectionManager(cm)
        .build();

Updated

The following code snippet works for me with HttpClient 5.0-beta7

final SSLContext sslcontext = SSLContexts.custom()
        .setProvider(Conscrypt.newProvider())
        .build();
final SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder.create()
        .setSslContext(sslcontext)
        .build();
final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
        .setSSLSocketFactory(sslSocketFactory)
        .build();
try (CloseableHttpClient httpclient = HttpClients.custom()
        .setConnectionManager(cm)
        .build()) {

    final HttpGet httpget = new HttpGet("https://www.wikipedia.org/");

    System.out.println("Executing request " + httpget.getMethod() + " " + httpget.getUri());

    final HttpClientContext clientContext = HttpClientContext.create();
    try (CloseableHttpResponse response = httpclient.execute(httpget, clientContext)) {
        System.out.println("----------------------------------------");
        System.out.println(response.getCode() + " " + response.getReasonPhrase());

        final SSLSession sslSession = clientContext.getSSLSession();
        if (sslSession != null) {
            System.out.println("SSL protocol " + sslSession.getProtocol());
            System.out.println("SSL cipher suite " + sslSession.getCipherSuite());
        }
    }
}

Console output:

Executing request GET https://www.wikipedia.org/
2020-02-06 10:33:22,619 DEBUG ex-00000001: preparing request execution
2020-02-06 10:33:22,625 DEBUG Cookie spec selected: strict
2020-02-06 10:33:22,629 DEBUG Auth cache not set in the context
2020-02-06 10:33:22,629 DEBUG ex-00000001: target auth state: UNCHALLENGED
2020-02-06 10:33:22,630 DEBUG ex-00000001: proxy auth state: UNCHALLENGED
2020-02-06 10:33:22,630 DEBUG ex-00000001: acquiring connection with route {s}->https://www.wikipedia.org:443
2020-02-06 10:33:22,630 DEBUG ex-00000001: acquiring endpoint (3 MINUTES)
2020-02-06 10:33:22,632 DEBUG ex-00000001: endpoint lease request (3 MINUTES) [route: {s}->https://www.wikipedia.org:443][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
2020-02-06 10:33:22,636 DEBUG ex-00000001: endpoint leased [route: {s}->https://www.wikipedia.org:443][total available: 0; route allocated: 1 of 5; total allocated: 1 of 25]
2020-02-06 10:33:22,649 DEBUG ex-00000001: acquired ep-00000000
2020-02-06 10:33:22,649 DEBUG ex-00000001: acquired endpoint ep-00000000
2020-02-06 10:33:22,649 DEBUG ex-00000001: opening connection {s}->https://www.wikipedia.org:443
2020-02-06 10:33:22,650 DEBUG ep-00000000: connecting endpoint (3 MINUTES)
2020-02-06 10:33:22,650 DEBUG ep-00000000: connecting endpoint to https://www.wikipedia.org:443 (3 MINUTES)
2020-02-06 10:33:22,654 DEBUG http-outgoing-0: connecting to www.wikipedia.org/91.198.174.192:443
2020-02-06 10:33:22,654 DEBUG Connecting socket to www.wikipedia.org/91.198.174.192:443 with timeout 3 MINUTES
2020-02-06 10:33:22,759 DEBUG Enabled protocols: [TLSv1.2, TLSv1.3]
2020-02-06 10:33:22,759 DEBUG Enabled cipher suites:[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2020-02-06 10:33:22,759 DEBUG Starting handshake
2020-02-06 10:33:23,192 DEBUG Secure session established
2020-02-06 10:33:23,192 DEBUG  negotiated protocol: TLSv1.2
2020-02-06 10:33:23,192 DEBUG  negotiated cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
2020-02-06 10:33:23,192 DEBUG  peer principal: CN=*.wikipedia.org, O="Wikimedia Foundation, Inc.", L=San Francisco, ST=California, C=US
2020-02-06 10:33:23,193 DEBUG  peer alternative names: [*.wikipedia.org, *.wikimedia.org, *.wmfusercontent.org, *.wikimediafoundation.org, *.wiktionary.org, *.wikivoyage.org, *.wikiversity.org, *.wikisource.org, *.wikiquote.org, *.wikinews.org, *.wikidata.org, *.wikibooks.org, wikimedia.org, *.mediawiki.org, wikipedia.org, wikiquote.org, mediawiki.org, wmfusercontent.org, w.wiki, wikimediafoundation.org, wikibooks.org, wiktionary.org, wikivoyage.org, wikidata.org, wikiversity.org, wikisource.org, wikinews.org, *.m.wikipedia.org, *.m.wiktionary.org, *.m.wikivoyage.org, *.m.wikiquote.org, *.m.wikiversity.org, *.m.wikisource.org, *.m.wikimedia.org, *.m.wikinews.org, *.m.wikidata.org, *.m.wikibooks.org, *.planet.wikimedia.org, *.m.mediawiki.org]
2020-02-06 10:33:23,193 DEBUG  issuer principal: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
2020-02-06 10:33:23,196 DEBUG http-outgoing-0: connection established 192.168.43.143:55022<->91.198.174.192:443
2020-02-06 10:33:23,196 DEBUG ep-00000000: connected http-outgoing-0
2020-02-06 10:33:23,196 DEBUG ep-00000000: endpoint connected
2020-02-06 10:33:23,197 DEBUG ex-00000001: executing GET / HTTP/1.1
2020-02-06 10:33:23,197 DEBUG ep-00000000: start execution ex-00000001
2020-02-06 10:33:23,197 DEBUG ep-00000000: executing exchange ex-00000001 over http-outgoing-0
2020-02-06 10:33:23,198 DEBUG http-outgoing-0 >> GET / HTTP/1.1
2020-02-06 10:33:23,198 DEBUG http-outgoing-0 >> Accept-Encoding: gzip, x-gzip, deflate
2020-02-06 10:33:23,198 DEBUG http-outgoing-0 >> Host: www.wikipedia.org
2020-02-06 10:33:23,198 DEBUG http-outgoing-0 >> Connection: keep-alive
2020-02-06 10:33:23,198 DEBUG http-outgoing-0 >> User-Agent: Apache-HttpClient/5.0-beta8-SNAPSHOT (Java/1.8.0_181)
2020-02-06 10:33:23,402 DEBUG http-outgoing-0 << HTTP/1.1 200 OK
2020-02-06 10:33:23,403 DEBUG http-outgoing-0 << Date: Wed, 05 Feb 2020 20:39:26 GMT
2020-02-06 10:33:23,403 DEBUG http-outgoing-0 << Cache-Control: s-maxage=86400, must-revalidate, max-age=3600
2020-02-06 10:33:23,403 DEBUG http-outgoing-0 << Server: ATS/8.0.5
2020-02-06 10:33:23,404 DEBUG http-outgoing-0 << X-ATS-Timestamp: 1580935166
2020-02-06 10:33:23,404 DEBUG http-outgoing-0 << ETag: W/"12be8-59c0633ed3519"
2020-02-06 10:33:23,404 DEBUG http-outgoing-0 << Content-Type: text/html
2020-02-06 10:33:23,404 DEBUG http-outgoing-0 << Last-Modified: Mon, 13 Jan 2020 14:22:18 GMT
2020-02-06 10:33:23,405 DEBUG http-outgoing-0 << Backend-Timing: D=320 t=1579084179579408
2020-02-06 10:33:23,405 DEBUG http-outgoing-0 << Content-Encoding: gzip
2020-02-06 10:33:23,405 DEBUG http-outgoing-0 << Vary: Accept-Encoding
2020-02-06 10:33:23,405 DEBUG http-outgoing-0 << X-Varnish: 118503554 495852195
2020-02-06 10:33:23,406 DEBUG http-outgoing-0 << Age: 46437
2020-02-06 10:33:23,406 DEBUG http-outgoing-0 << X-Cache: cp3062 miss, cp3052 hit/600912
2020-02-06 10:33:23,406 DEBUG http-outgoing-0 << X-Cache-Status: hit-front
2020-02-06 10:33:23,407 DEBUG http-outgoing-0 << Server-Timing: cache;desc="hit-front"
2020-02-06 10:33:23,407 DEBUG http-outgoing-0 << Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
2020-02-06 10:33:23,407 DEBUG http-outgoing-0 << Set-Cookie: WMF-Last-Access=06-Feb-2020;Path=/;HttpOnly;secure;Expires=Mon, 09 Mar 2020 00:00:00 GMT
2020-02-06 10:33:23,407 DEBUG http-outgoing-0 << Set-Cookie: WMF-Last-Access-Global=06-Feb-2020;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Mon, 09 Mar 2020 00:00:00 GMT
2020-02-06 10:33:23,408 DEBUG http-outgoing-0 << X-Client-IP: 213.55.225.99
2020-02-06 10:33:23,418 DEBUG http-outgoing-0 << Set-Cookie: GeoIP=CH:ZH:Zurich:47.37:8.55:v4; Path=/; secure; Domain=.wikipedia.org
2020-02-06 10:33:23,418 DEBUG http-outgoing-0 << Accept-Ranges: bytes
2020-02-06 10:33:23,418 DEBUG http-outgoing-0 << Content-Length: 18800
2020-02-06 10:33:23,419 DEBUG http-outgoing-0 << Connection: keep-alive
2020-02-06 10:33:23,429 DEBUG ex-00000001: connection can be kept alive for -1 MILLISECONDS
2020-02-06 10:33:23,437 DEBUG Cookie accepted [WMF-Last-Access="06-Feb-2020", domain:www.wikipedia.org, path:/, expiry:Mon Mar 09 01:00:00 CET 2020]
2020-02-06 10:33:23,438 DEBUG Cookie accepted [WMF-Last-Access-Global="06-Feb-2020", domain:wikipedia.org, path:/, expiry:Mon Mar 09 01:00:00 CET 2020]
2020-02-06 10:33:23,438 DEBUG Cookie accepted [GeoIP="CH:ZH:Zurich:47.37:8.55:v4", domain:wikipedia.org, path:/, expiry:null]
----------------------------------------
200 OK
SSL protocol TLSv1.2
SSL cipher suite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
2020-02-06 10:33:23,467 DEBUG http-outgoing-0: close connection GRACEFUL
2020-02-06 10:33:23,468 DEBUG ep-00000000: endpoint closed
2020-02-06 10:33:23,468 DEBUG ep-00000000: endpoint closed
2020-02-06 10:33:23,468 DEBUG ep-00000000: discarding endpoint
2020-02-06 10:33:23,468 DEBUG ep-00000000: releasing endpoint
2020-02-06 10:33:23,469 DEBUG ep-00000000: connection released [route: {s}->https://www.wikipedia.org:443][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
2020-02-06 10:33:23,469 DEBUG Shutdown connection pool GRACEFUL
2020-02-06 10:33:23,469 DEBUG Connection pool shut down

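Thanks. Are you saying that Conscrypt can only be used with HttpAsyncClient and not with the regular HttpClient? Ideally, I would like to know how to make it work with the regular HttpClient.

Hmm. No, I am not saying that, but I have actually never tested the classic HttpClient with the Conscrypt provi I will do that and get bac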
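
Added example (not part of the original question or answer, and not Apache HttpClient or Conscrypt project code): one way to confirm that the classic HttpClient's SSLContext is really backed by Conscrypt, falling back to the default JSSE provider when Conscrypt's native library cannot be loaded. It assumes HttpClient 5.0 or later and the conscrypt-openjdk-uber jar on the classpath; the class name ConscryptClassicClient and the explicit TLS version pinning are illustrative choices.

```java
import javax.net.ssl.SSLContext;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.io.HttpClientConnectionManager;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.ssl.SSLContexts;
import org.conscrypt.Conscrypt;

// Added example; the class name and the TLS version pinning are illustrative assumptions.
public final class ConscryptClassicClient {

    // Use Conscrypt only when its native library loads on this platform;
    // otherwise build the context on the JRE's default JSSE provider.
    static SSLContext newSslContext() throws Exception {
        if (Conscrypt.isAvailable()) {
            return SSLContexts.custom()
                    .setProvider(Conscrypt.newProvider())
                    .build();
        }
        return SSLContexts.custom().build();
    }

    // Same wiring as the answer's classic-client snippet, with the protocol
    // versions set explicitly instead of left to provider defaults.
    static CloseableHttpClient newClient(final SSLContext sslContext) {
        final SSLConnectionSocketFactory socketFactory = SSLConnectionSocketFactoryBuilder.create()
                .setSslContext(sslContext)
                .setTlsVersions(TLS.V_1_3, TLS.V_1_2)
                .build();
        final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
                .setSSLSocketFactory(socketFactory)
                .build();
        return HttpClients.custom().setConnectionManager(cm).build();
    }

    public static void main(final String[] args) throws Exception {
        final SSLContext sslContext = newSslContext();
        // Report which provider backs the context before any request is sent.
        System.out.println("TLS provider: " + sslContext.getProvider().getName()
                + ", Conscrypt in use: " + Conscrypt.isConscrypt(sslContext));
        try (CloseableHttpClient client = newClient(sslContext)) {
            System.out.println("Client ready: " + client.getClass().getSimpleName());
        }
    }
}
```

The negotiated protocol and cipher suite for a real request can still be read from HttpClientContext.getSSLSession(), as the answer's snippet does.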