如何使用Rest Template强制TLS1.2到Rest客户端

Question

我通过调用post方法使用Spring3.0 restTemplate来使用json webservice.

        MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
        headers.add("Content-Type", MediaType.APPLICATION_JSON_VALUE);      
        HttpEntity<Object> entity = new HttpEntity<Object>(requestAsString, headers);
        postForObject = restTemplate.postForObject(url, entity, responseClass );

我们的应用程序部署在WAS服务器中,并尝试通过创建与TLS1.0的套接字连接来连接生产者.但是,现在生产者只支持TLS1.1和TLS1.2.

如何强制restTempate使用TLS1.1或TLS 1.2.

通常对于apache httpclient代码,创建自定义ProtocolSocketFactory并覆盖createSocket方法.但是,在RestTemplate的情况下,如何实现相同.

Answer 1

随着Spring> 3.1:

import javax.net.ssl.SSLContext;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, null);

CloseableHttpClient httpClient = HttpClientBuilder.create().setSSLContext(context)
    .build();
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate(factory);
.....

Answer 2

您可以将RestTemplate配置为使用自定义ClientHttpRequestFactory.特别是(因为你使用的是Spring 3.0),有一个CommonsClientHttpRequestFactory.这将使您能够详细配置公共HTTP,并且您的RestTemplate将使用它来执行其请求.

请注意,实际的实现类在Spring的更高版本中已经更改(如果你仍然在3.0上,你真的应该考虑更新).从3.1开始调用实现类HttpComponentsClientHttpRequestFactory.

Answer 3

@abhishekhp如果你的问题仍然存在。

    RestTemplate restTemplate = new RestTemplate();
    DefaultHttpClient httpClient = new DefaultHttpClient();
    // We're going to try and load and enable TLS version 1.2 standard communication context from JSSE Providers
    // This is enabled only for download media Mirakl as some merchants don't accept communication with TLS versions prior to 1.1
    try {
        SSLContext context;
        context = SSLContext.getInstance("TLSv1.2");
        context.init(null, null, null);

        SSLSocketFactory ssf = new SSLSocketFactory(context);
        ClientConnectionManager ccm = httpClient.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
        sr.register(new Scheme("https", 443, ssf));

    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        LOGGER.warn("Could not load the TLS version 1.2 due to => ", e);
    }

    restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory(httpClient));