如何使用 javax.net.ssl.SSLContext 设置密码套件

Question

如何使用 javax.net.ssl.SSLContext 设置密码套件

Ray*_*y S 5 java-8 apache-httpclient-4.x sslcontext

在使用 java8 的 Spring Boot 应用程序中，我将 httpClient 连接的底层 SSLConext 设置如下：

 import javax.net.ssl.SSLContext;

  SSLContext sslContext =  SSLContext.getInstance("TLSv1.2");
  sslContext.init(null, null, null); 

  CloseableHttpClient httpClient = HttpClientBuilder
          .create()
          .setConnectionManager(myConnectionManager)
          .setDefaultRequestConfig(rqConfig)
          .setSSLContext(sslContext)
          .build();

Run Code Online (Sandbox Code Playgroud)

我需要将底层 TLS1.2 安全连接的密码套件设置为我选择的更强大的东西。我没有看到通过在代码中创建 sslContext 的方式来做到这一点的方法。

有人可以帮我用 sslContext 设置密码套件吗？

===============更新=================

 This is how I have now created my HttpClient

 CloseableHttpClient httpClient = HttpClientBuilder
          .create()
          .setConnectionManager(myConnectionManager)
          .setDefaultRequestConfig(rqConfig)
          .setSSLSocketFactory(new SSLConnectionSocketFactory(
                  SSLContexts.createSystemDefault(),
                  new String[]{"TLSv1.2"},
                  new String[] {"some-gibberish-cipher-suite"},
                  SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
          .build();

Run Code Online (Sandbox Code Playgroud)

Answer 1

ok2*_*k2c 4

SSLConnectionSocketFactory创建自定义实例时可以指定首选 TLS 协议版本和自定义密码

CloseableHttpClient client = HttpClients.custom()
    .setSSLSocketFactory(new SSLConnectionSocketFactory(
            SSLContexts.createSystemDefault(),
            new String[]{"TLSv1.2"},
            new String[] {"TLS_RSA_WITH_AES_256_CBC_SHA256"},
            SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
    .build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://httpbin.org/"))) {
    System.out.println(response.getStatusLine());
    HttpEntity entity = response.getEntity();
    EntityUtils.consume(entity);
}

Run Code Online (Sandbox Code Playgroud)

或者，可以PoolingHttpClientConnectionManager使用所需的 SSL 配置创建自定义实例。

PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", new SSLConnectionSocketFactory(
                SSLContexts.createSystemDefault(),
                new String[]{"TLSv1.2"},
                new String[]{"TLS_RSA_WITH_AES_256_CBC_SHA256"},
                SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
        .build());

CloseableHttpClient client = HttpClients.custom()
    .setConnectionManager(cm)
    .build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://httpbin.org/"))) {
    System.out.println(response.getStatusLine());
    HttpEntity entity = response.getEntity();
    EntityUtils.consume(entity);
}

Run Code Online (Sandbox Code Playgroud)

归档时间：	6 年，10 月前
查看次数：	10029 次
最近记录：	6 年，10 月前