Java HttpsURLConnection 和 TLS 1.2
Java HttpsURLConnection and TLS 1.2
我在一篇文章中读到 HttpsURLConnection 将透明地协商 SSL 连接。
官方文档说:
This class uses HostnameVerifier and SSLSocketFactory. There are default implementations defined for both classes. [1]
这是否意味着一旦您打开与
的连接
httpsCon = (HttpsURLConnection) url.openConnection();
它已经 SSL/TLS 加密了?
如何查看和设置标准实施的 TLS 版本?
(对于 Java 8 应该是 TLS 1.2,对于 Java 7 应该是 TLS 1.0)
参考资料
- 甲骨文公司(2011 年)。 javax.net.ssl.HttpsURLConnection。 (Java文档)
您必须创建一个 SSLContext 来设置协议:
在 Java 1.8:
SSLContext sc = SSLContext.getInstance("TLSv1.2");
// Init the SSLContext with a TrustManager[] and SecureRandom()
sc.init(null, trustCerts, new java.security.SecureRandom());
在 Java 1.7:
SSLContext sc = SSLContext.getInstance("TLSv1");
// Init the SSLContext with a TrustManager[] and SecureRandom()
sc.init(null, trustCerts, new java.security.SecureRandom());
那么您只需将 SSLContext 设置为 HttpsURLConnection:
httpsCon.setSSLSocketFactory(sc.getSocketFactory());
这应该可以解决问题。
您还可以使用 JDK 1.7 设置 TLS 1.2 协议。默认情况下 JDK 1.7 会将其设置为 1.0。
SSLContext sc = SSLContext.getInstance("TLSv1.2"); //$NON-NLS-1$
sc.init(null, null, new java.security.SecureRandom());
HttpsURLConnection con = (HttpsURLConnection) httpsURL.openConnection();
con.setSSLSocketFactory(sc.getSocketFactory());
private static javax.net.ssl.SSLSocketFactory getFactorySimple()
throws Exception {
SSLContext context = SSLContext.getInstance("TLSv1.2");`
context.init(null, null, null);
return context.getSocketFactory();
}
String loginurl ="some url";
HttpsURLConnection connection = null;
URL url = new URL(loginURL);
connection = (HttpsURLConnection) url.openConnection();
javax.net.ssl.SSLSocketFactory sslSocketFactory =getFactorySimple();
connection.setSSLSocketFactory(sslSocketFactory);
以上代码可用于在java1.7
中启用tls 1.1或tls 1.2
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null,null,null);
SSLSocketFactory sf = sc.getSocketFactory();
SSLSocket ss = (SSLSocket)sf.createSocket();
String[] pro = {"TLSv1.2"};
String[] cipherSuites = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"};
//ss.setEnabledProtocols(pro);
ss.setEnabledCipherSuites(cipherSuites);
System.out.println(Arrays.toString(ss.getEnabledProtocols()));
我试过这段代码,输出是“[TLSv1, TLSv1.1, TLSv1.2]”,这应该意味着它支持“TLSv1, TLSv1.1, TLSv1.2”。我很困惑如何仅使用 HttpsUrlConnection 设置为 TLSv1.2?
我在一篇文章中读到 HttpsURLConnection 将透明地协商 SSL 连接。
官方文档说:
This class uses HostnameVerifier and SSLSocketFactory. There are default implementations defined for both classes. [1]
这是否意味着一旦您打开与
的连接httpsCon = (HttpsURLConnection) url.openConnection();
它已经 SSL/TLS 加密了?
如何查看和设置标准实施的 TLS 版本? (对于 Java 8 应该是 TLS 1.2,对于 Java 7 应该是 TLS 1.0)
参考资料
- 甲骨文公司(2011 年)。 javax.net.ssl.HttpsURLConnection。 (Java文档)
您必须创建一个 SSLContext 来设置协议:
在 Java 1.8:
SSLContext sc = SSLContext.getInstance("TLSv1.2");
// Init the SSLContext with a TrustManager[] and SecureRandom()
sc.init(null, trustCerts, new java.security.SecureRandom());
在 Java 1.7:
SSLContext sc = SSLContext.getInstance("TLSv1");
// Init the SSLContext with a TrustManager[] and SecureRandom()
sc.init(null, trustCerts, new java.security.SecureRandom());
那么您只需将 SSLContext 设置为 HttpsURLConnection:
httpsCon.setSSLSocketFactory(sc.getSocketFactory());
这应该可以解决问题。
您还可以使用 JDK 1.7 设置 TLS 1.2 协议。默认情况下 JDK 1.7 会将其设置为 1.0。
SSLContext sc = SSLContext.getInstance("TLSv1.2"); //$NON-NLS-1$
sc.init(null, null, new java.security.SecureRandom());
HttpsURLConnection con = (HttpsURLConnection) httpsURL.openConnection();
con.setSSLSocketFactory(sc.getSocketFactory());
private static javax.net.ssl.SSLSocketFactory getFactorySimple()
throws Exception {
SSLContext context = SSLContext.getInstance("TLSv1.2");`
context.init(null, null, null);
return context.getSocketFactory();
}
String loginurl ="some url";
HttpsURLConnection connection = null;
URL url = new URL(loginURL);
connection = (HttpsURLConnection) url.openConnection();
javax.net.ssl.SSLSocketFactory sslSocketFactory =getFactorySimple();
connection.setSSLSocketFactory(sslSocketFactory);
以上代码可用于在java1.7
中启用tls 1.1或tls 1.2 SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null,null,null);
SSLSocketFactory sf = sc.getSocketFactory();
SSLSocket ss = (SSLSocket)sf.createSocket();
String[] pro = {"TLSv1.2"};
String[] cipherSuites = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"};
//ss.setEnabledProtocols(pro);
ss.setEnabledCipherSuites(cipherSuites);
System.out.println(Arrays.toString(ss.getEnabledProtocols()));
我试过这段代码,输出是“[TLSv1, TLSv1.1, TLSv1.2]”,这应该意味着它支持“TLSv1, TLSv1.1, TLSv1.2”。我很困惑如何仅使用 HttpsUrlConnection 设置为 TLSv1.2?