1. 首頁
  2. 問答
  3. 如何在eclipse中使用TLS1.2協議獲取簡單的Java客戶端連接到服務器

如何在eclipse中使用TLS1.2協議獲取簡單的Java客戶端連接到服務器

2016-01-05 35 views
0

我嘗試了幾種使用httpclient,urlconnection等無效訪問休息服務的常用方法。如何在eclipse中使用TLS1.2協議獲取簡單的Java客戶端連接到服務器

我已經閱讀了無數堆棧溢出文章如何做到這一點,沒有任何工程在我的eclipse mobilefirst/RSA環境。我正在使用mobilefirst 7.1.1和RSA 9.1.1運行jdk 1.7。

從我讀到的,你必須設置SSLContext與tls1.2服務器交談......因爲相同的代碼在其他服務器上工作正常。我所看到的只有一種方法可以讓你設置SSLContext,這與ClientHTTPBuilder一致。

所以這裏有幾個例子:

此示例爲這個網址...但是,使用tls1.2

URL url = new URL("https://wikipedia.org"); 
     URLConnection urlConnection = url.openConnection(); 
     InputStream in = urlConnection.getInputStream(); 
     str = getStringByBufferedReader(in);

第二個例子不是一個:

SSLContext context = SSLContext.getInstance("TLS"); 
    context.init(null, null, null); 
HttpClientBuilder clientBuilder = HttpClientBuilder.create().setSslcontext(context); 
HttpGet request = new HttpGet(baseURL); 
request.addHeader("Authorization", basicAuthorization); 
request.addHeader("Accept", "text/plain"); 
CloseableHttpClient httpClient = clientBuilder.build(); 
CloseableHttpResponse httpResponse = httpClient.execute(request);

兩種連接類型都會出現以下錯誤:

Exception in Test method = javax.net.ssl.SSLException: Received fatal alert: protocol_version

我也導入了證書。我也試過jdk 1.8無濟於事。

來源

2016-01-05 Tim

回答

0

JRE7中的TLS解析爲TLSv1。明確設置協議TLSv1.2工作:

SSLContext context = SSLContext.getInstance("TLSv1.2");

否則與HttpClientBuilder你的例子是OK。

編輯:

如果要禁用主機名檢查(這是在生產系統壞主意):

隨着Apache httpclient < 4.3:

package hello; 

import java.net.URI; 

import org.apache.http.client.HttpClient; 
import org.apache.http.client.methods.CloseableHttpResponse; 
import org.apache.http.client.methods.HttpGet; 
import org.apache.http.conn.scheme.Scheme; 
import org.apache.http.conn.ssl.SSLConnectionSocketFactory; 
import org.apache.http.conn.ssl.SSLSocketFactory; 
import org.apache.http.impl.client.DefaultHttpClient; 


public class client { 

    public static void main(String args[]) throws Exception { 

//  System.setProperty("javax.net.debug", "ssl:handshake:verbose"); 

     SSLSocketFactory socketFactory = null ; 

     // Set benevolent host name verifier    
     socketFactory = new SSLSocketFactory("TLS" , null /* Keystore*/ , 
       null /* keystore passwd */ ,null /* trusts store */ , null , 
       SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER) ; 

     Scheme sch = new Scheme("https", 443, socketFactory); 
     DefaultHttpClient httpClient = new DefaultHttpClient() ;   
     httpClient.getConnectionManager().getSchemeRegistry().register(sch);   

     HttpGet request = new HttpGet(new URI("https://www.wikipedia.org/")); 
//  request.addHeader("Authorization", basicAuthorization); 
//  request.addHeader("Accept", "text/plain"); 
     CloseableHttpResponse httpResponse = httpClient.execute(request); 
     System.out.println(httpResponse.getStatusLine()); 

     httpClient.close(); 
    } 
}

隨着Apache httpclient> = 4.3:

package hello; 

import java.net.URI; 
import java.util.Arrays; 

import javax.net.ssl.HostnameVerifier; 
import javax.net.ssl.SSLContext; 
import javax.net.ssl.SSLParameters; 
import javax.net.ssl.SSLSession; 
import javax.net.ssl.SSLSocket; 
import javax.net.ssl.SSLSocketFactory; 

import org.apache.http.client.methods.CloseableHttpResponse; 
import org.apache.http.client.methods.HttpGet; 
import org.apache.http.conn.ssl.SSLConnectionSocketFactory; 
import org.apache.http.impl.client.CloseableHttpClient; 
import org.apache.http.impl.client.HttpClientBuilder; 

import sun.security.ssl.SSLSocketFactoryImpl; 

public class client { 

    public static void main(String args[]) throws Exception { 

//  System.setProperty("javax.net.debug", "ssl:handshake:verbose"); 

     SSLContext context = SSLContext.getInstance("TLSv1.2"); 
     context.init(null, null, null); 

     SSLConnectionSocketFactory sslCF = new SSLConnectionSocketFactory(context, new HostnameVerifier() { 
      @Override 
      public boolean verify(String hostname, SSLSession session) { 
       // or add your own test here 
       return true; 
      } 
     }); 

     CloseableHttpClient httpClient = HttpClientBuilder 
       .create() 
       .setSSLSocketFactory(sslCF) 
       .build(); 

     HttpGet request = new HttpGet(new URI("https://www.wikipedia.org/")); 
//  request.addHeader("Authorization", basicAuthorization); 
//  request.addHeader("Accept", "text/plain"); 
     CloseableHttpResponse httpResponse = httpClient.execute(request); 
     System.out.println(httpResponse.getStatusLine());   
    } 
}

來源

2016-01-06 13:04:14

+0

我沒有你的建議,現在收到此錯誤: – Tim

+0

javax.net.ssl.SSLProtocolException:握手警報:unrecognized_name – Tim

+0

我覺得現在我們正在談論真正的問題......這可能是證書問題嗎?我從服務器導入的證書是自簽名證書......不確定在TLS 1.2中是否允許這樣做。通過添加--insecure選項,我可以通過curl工作。它也適用於Chrome和Firefox的各種其他客戶端。 – Tim

0

我能夠在主類一行修復它:

System.setProperty("https.protocols", "SSLv3,TLSv1,TLSv1.1,TLSv1.2");

來源

2016-06-30 21:28:01 ViaSat

相關問題

 相關問題