如何强制 Apache 的 CloseableHttpClient 使用 TLSv1.2?
How do I force Apache's CloseableHttpClient to use TLSv1.2?
在 Java 中,我需要让 Apache CloseableHttpClient 使用 TLSv1.2。目前它看起来像使用 HTTP/1.1。如何在下面的代码中指定协议版本?
public static void main(String [] args){
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
@SuppressWarnings("static-access")
CloseableHttpClient httpclient = HttpClientBuilder.create()
.setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext.getDefault(), new String[] { "TLSv1.2" }, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
.build();
HttpHost target = new HttpHost("https://www.sometest.com", 443, "https");
String call = "/vivisimo/cgi-bin/velocity";
HttpGet getRequest = new HttpGet(call);
System.out.println("Protocol Version:" + getRequest.getProtocolVersion());
} catch (Exception e) {
e.printStackTrace();
}
}
在创建 SSLContext 时指定它必须使用 TLS 而不是获取默认的:
SSLContext sslContext = SSLContextBuilder.create().build();
或者:
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(....);
或者简单地使用:
SSLContext sslContext = SSLContexts.custom().build()
根据您的代码,这里是 运行ning 示例(它连接到 google.com)。我已经启用了调试日志。在日志中查找 negotiated protocol: TLSv1.2。现在,在创建 http 客户端(new String[] { "TLSv1.1" })时将 TLS 版本更改为 1.1,运行 程序并观察字符串 'negotiated protocol..' 更改为 TLSv1.1.
您之前打印的是 HTTP 协议版本。
import org.apache.http.HttpHost;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import javax.net.ssl.SSLContext;
import java.io.OutputStreamWriter;
import java.io.PrintStream;
import java.io.StringWriter;
public class ForceTLS12 {
public static void main(String[] args) {
try {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
System.setProperty("org.apache.commons.logging.simplelog.showdatetime","true");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http","DEBUG");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http.wire","DEBUG");
//SSLContext sslContext = SSLContext.getInstance("TLS");
@SuppressWarnings("static-access")
CloseableHttpClient httpclient = HttpClientBuilder.create()
.setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom().build(), new String[] { "TLSv1.2" }, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
.build();
HttpHost target = new HttpHost("www.google.com", 443, "https");
//String call = "/vivisimo/cgi-bin/velocity";
HttpGet getRequest = new HttpGet(target.toURI());
CloseableHttpResponse resposne = httpclient.execute(getRequest);
System.out.println(resposne.getEntity().getContentType());
System.out.println("Protocol Version:" + getRequest.getProtocolVersion());
} catch (Exception e) {
e.printStackTrace();
}
}
}
此可执行代码示例也可在 github 获得。
在 Java 中,我需要让 Apache CloseableHttpClient 使用 TLSv1.2。目前它看起来像使用 HTTP/1.1。如何在下面的代码中指定协议版本?
public static void main(String [] args){
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
@SuppressWarnings("static-access")
CloseableHttpClient httpclient = HttpClientBuilder.create()
.setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext.getDefault(), new String[] { "TLSv1.2" }, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
.build();
HttpHost target = new HttpHost("https://www.sometest.com", 443, "https");
String call = "/vivisimo/cgi-bin/velocity";
HttpGet getRequest = new HttpGet(call);
System.out.println("Protocol Version:" + getRequest.getProtocolVersion());
} catch (Exception e) {
e.printStackTrace();
}
}
在创建 SSLContext 时指定它必须使用 TLS 而不是获取默认的:
SSLContext sslContext = SSLContextBuilder.create().build();
或者:
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(....);
或者简单地使用:
SSLContext sslContext = SSLContexts.custom().build()
根据您的代码,这里是 运行ning 示例(它连接到 google.com)。我已经启用了调试日志。在日志中查找 negotiated protocol: TLSv1.2。现在,在创建 http 客户端(new String[] { "TLSv1.1" })时将 TLS 版本更改为 1.1,运行 程序并观察字符串 'negotiated protocol..' 更改为 TLSv1.1.
您之前打印的是 HTTP 协议版本。
import org.apache.http.HttpHost;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import javax.net.ssl.SSLContext;
import java.io.OutputStreamWriter;
import java.io.PrintStream;
import java.io.StringWriter;
public class ForceTLS12 {
public static void main(String[] args) {
try {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
System.setProperty("org.apache.commons.logging.simplelog.showdatetime","true");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http","DEBUG");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http.wire","DEBUG");
//SSLContext sslContext = SSLContext.getInstance("TLS");
@SuppressWarnings("static-access")
CloseableHttpClient httpclient = HttpClientBuilder.create()
.setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom().build(), new String[] { "TLSv1.2" }, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
.build();
HttpHost target = new HttpHost("www.google.com", 443, "https");
//String call = "/vivisimo/cgi-bin/velocity";
HttpGet getRequest = new HttpGet(target.toURI());
CloseableHttpResponse resposne = httpclient.execute(getRequest);
System.out.println(resposne.getEntity().getContentType());
System.out.println("Protocol Version:" + getRequest.getProtocolVersion());
} catch (Exception e) {
e.printStackTrace();
}
}
}
此可执行代码示例也可在 github 获得。