如何使用 Apache HttpClient 启用 SSLv3?
How to enable SSLv3 with Apache HttpClient?
Apache 中禁用了 SSLv3 HttpClient since version 4.3.6, but I'm using version 4.5. The developers wrote:
Those users who wish to continue using SSLv3 need to explicitly enable support for it.
我尝试在 JVM 级别设置支持的协议,但没有成功。该示例是在 Scala 中,但这与问题无关:
System.setProperty("https.protocols", "SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2")
我的第二次尝试是这样的:
val instance: CloseableHttpClient = {
val trustStrategy = new TrustStrategy {
override def isTrusted(x509Certificates: Array[X509Certificate], s: String) = true
}
val sslContext = new SSLContextBuilder().loadTrustMaterial(null, trustStrategy).build()
val sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE)
val socketFactoryRegistry =
RegistryBuilder.create[ConnectionSocketFactory]()
.register("http", PlainConnectionSocketFactory.getSocketFactory)
.register("https", sslSocketFactory)
.build()
val connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry)
HttpClients.custom()
.disableRedirectHandling()
.setSSLContext(sslContext)
.setConnectionManager(connectionManager)
.build()
}
但是也没用。
如何使用 Apache HttpClient 4.5 连接到支持 SSLv2Hello、SSLv3、TLSv1、TLSv1.1、TLSv1.2 的主机?
HttpClient 默认不考虑系统属性。要么需要指示 HttpClient 构建器这样做
CloseableHttpClient client = HttpClients.createSystem();
或使用自定义协议设置手动配置连接套接字工厂
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLContext.getDefault(),
new String[] { "SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", socketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
编辑
此代码片段适用于评论中提到的网站
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLContext.getDefault(),
new String[] {"TLSv1"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", socketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://www.ethz.ch/de.html"))) {
System.out.println(response.getStatusLine());
System.out.println(EntityUtils.toString(response.getEntity()));
}
Apache 中禁用了 SSLv3 HttpClient since version 4.3.6, but I'm using version 4.5. The developers wrote:
Those users who wish to continue using SSLv3 need to explicitly enable support for it.
我尝试在 JVM 级别设置支持的协议,但没有成功。该示例是在 Scala 中,但这与问题无关:
System.setProperty("https.protocols", "SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2")
我的第二次尝试是这样的:
val instance: CloseableHttpClient = {
val trustStrategy = new TrustStrategy {
override def isTrusted(x509Certificates: Array[X509Certificate], s: String) = true
}
val sslContext = new SSLContextBuilder().loadTrustMaterial(null, trustStrategy).build()
val sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE)
val socketFactoryRegistry =
RegistryBuilder.create[ConnectionSocketFactory]()
.register("http", PlainConnectionSocketFactory.getSocketFactory)
.register("https", sslSocketFactory)
.build()
val connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry)
HttpClients.custom()
.disableRedirectHandling()
.setSSLContext(sslContext)
.setConnectionManager(connectionManager)
.build()
}
但是也没用。
如何使用 Apache HttpClient 4.5 连接到支持 SSLv2Hello、SSLv3、TLSv1、TLSv1.1、TLSv1.2 的主机?
HttpClient 默认不考虑系统属性。要么需要指示 HttpClient 构建器这样做
CloseableHttpClient client = HttpClients.createSystem();
或使用自定义协议设置手动配置连接套接字工厂
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLContext.getDefault(),
new String[] { "SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", socketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
编辑
此代码片段适用于评论中提到的网站
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLContext.getDefault(),
new String[] {"TLSv1"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", socketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://www.ethz.ch/de.html"))) {
System.out.println(response.getStatusLine());
System.out.println(EntityUtils.toString(response.getEntity()));
}