如何使用 Apache HttpClient 启用 SSLv3?

How to enable SSLv3 with Apache HttpClient?

Apache 中禁用了 SSLv3 HttpClient since version 4.3.6, but I'm using version 4.5. The developers wrote:

Those users who wish to continue using SSLv3 need to explicitly enable support for it.

我尝试在 JVM 级别设置支持的协议,但没有成功。该示例是在 Scala 中,但这与问题无关:

System.setProperty("https.protocols", "SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2")

我的第二次尝试是这样的:

val instance: CloseableHttpClient = {
  val trustStrategy = new TrustStrategy {
    override def isTrusted(x509Certificates: Array[X509Certificate], s: String) = true
  }
  val sslContext = new SSLContextBuilder().loadTrustMaterial(null, trustStrategy).build()
  val sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE)
  val socketFactoryRegistry =
    RegistryBuilder.create[ConnectionSocketFactory]()
        .register("http", PlainConnectionSocketFactory.getSocketFactory)
        .register("https", sslSocketFactory)
        .build()
  val connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry)
  HttpClients.custom()
      .disableRedirectHandling()
      .setSSLContext(sslContext)
      .setConnectionManager(connectionManager)
      .build()
}

但是也没用。

如何使用 Apache HttpClient 4.5 连接到支持 SSLv2Hello、SSLv3、TLSv1、TLSv1.1、TLSv1.2 的主机?

HttpClient 默认不考虑系统属性。要么需要指示 HttpClient 构建器这样做

CloseableHttpClient client = HttpClients.createSystem();

或使用自定义协议设置手动配置连接套接字工厂

SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
        SSLContext.getDefault(),
        new String[] { "SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"},
        null,
        SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", socketFactory)
        .build();

PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();

编辑

此代码片段适用于评论中提到的网站

SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
        SSLContext.getDefault(),
        new String[] {"TLSv1"},
        null,
        SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", socketFactory)
        .build();

PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://www.ethz.ch/de.html"))) {
    System.out.println(response.getStatusLine());
    System.out.println(EntityUtils.toString(response.getEntity()));
}