我試圖與Apache的HttpClient 4.1 ....任何方式來禁用Apache HttpClient的SSLv2向後兼容模式?
HttpGet httpget = new HttpGet("https://federation/galaxy-class/enterprise/getSheildFrequencies");
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpResponse response = httpclient.execute(httpget);
連接到HTTPS URL在連接過程中,我得到了下面的異常...
Caught: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
當我打開調試時,我看到了下面..
main, WRITE: TLSv1 Handshake, length = 81
main, WRITE: SSLv2 client hello message, length = 110
main, handling exception: java.net.SocketException: Connection reset
所以它看起來像我的客戶的確在使用TLSv1握手,但再送到客戶打招呼的SSLv2的服務器沒有就像(因爲它不支持SSLv2向後兼容模式,它會斷開連接)。
有什麼辦法可以告訴Apache HttpClient不這樣做嗎?或者這是配置在底層JRE(我使用1.6)?
UPDATE
由於bmargulies建議,我試圖讓自己的套接字工廠,並將其配置爲只允許我想要的協議....
def supportedProtocols = new String[2]
supportedProtocols[0] = 'SSLv3'
supportedProtocols[1] = 'TLSv1'
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLContext.getDefault(),supportedProtocols,
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", socketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
HttpResponse response = client.execute(httpget);
但這給出了另一個例外。 ..
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
發佈您用於連接的代碼。 –
Doc:http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/index.html?org/apache/http/impl/client/DefaultHttpClient.html。 – bmargulies