如何在 Java 7 中启用 TLS 1.2
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/39157422/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to enable TLS 1.2 in Java 7
提问by New Bee
I am trying to enable TLS 1.2 in my web app which uses JBoss 6.4 and Java 1.7. I have -Dhttp.protocols = TLSv1.2in my application environment but it doesn't seem to work for me.
我正在尝试在使用 JBoss 6.4 和 Java 1.7 的 Web 应用程序中启用 TLS 1.2。我-Dhttp.protocols = TLSv1.2在我的应用程序环境中有,但它似乎对我不起作用。
Is there anything I could do to enable TLS 1.2?
我可以做些什么来启用 TLS 1.2?
I wrote a simple program
我写了一个简单的程序
context = SSLContext.getInstance("TLSv1.2");
context.init(null,null,null);
SSLContext.setDefault(context);
SSLSocketFactory factory = (SSLSocketFactory)context.getSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket();
protocols = socket.getEnabledProtocols();
After running this program within the app the TLS 1.2 gets enabled. I do not want to run this program but I want to directly enable it during app startup. Is there any way to do it?
在应用程序中运行此程序后,TLS 1.2 将启用。我不想运行这个程序,但我想在应用程序启动时直接启用它。有什么办法吗?
回答by Sirsendu
System.setProperty("https.protocols", "TLSv1.2");worked in my case. Have you checked that within the application?
System.setProperty("https.protocols", "TLSv1.2");在我的情况下工作。你有没有在应用程序中检查过?
回答by AntonioOtero
Add this parameter to JAVA_OPTS or to the command line in maven:
-Dhttps.protocols=TLSv1.2
将此参数添加到 JAVA_OPTS 或 maven 中的命令行:
-Dhttps.protocols=TLSv1.2
回答by ankit.vishen
There are many suggestions but I found two of them most common. I first tried export JAVA_OPTS="-Dhttps.protocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2"on command line before startup of program but it didn't work for me.
有很多建议,但我发现其中两个最常见。我export JAVA_OPTS="-Dhttps.protocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2"在程序启动之前第一次尝试命令行,但它对我不起作用。
Then I added following code in startup class constructor and it worked for me.
然后我在启动类构造函数中添加了以下代码,它对我有用。
try {
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(null, null, null);
SSLContext.setDefault(ctx);
} catch (Exception e) {
System.out.println(e.getMessage());
}
Frankly I don't know in details why ctx.init(null, null, null);but all (SSL/TLS) are working fine for me.
坦率地说,我不知道详细原因,ctx.init(null, null, null);但所有(SSL/TLS)对我来说都很好。
There is one more option: System.setProperty("https.protocols", "SSLv3,TLSv1,TLSv1.1,TLSv1.2");. It will also go in code but I've not tried it.
还有一种选择:System.setProperty("https.protocols", "SSLv3,TLSv1,TLSv1.1,TLSv1.2");. 它也将进入代码,但我没有尝试过。
回答by Meeraj Kanaparthi
Add following option for java application:
为 java 应用程序添加以下选项:
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
回答by Joby Wilson Mathews
You can upgrade your Java 7 version to 1.7.0_131-b31
您可以将 Java 7 版本升级到 1.7.0_131-b31
For JRE 1.7.0_131-b31 in Oracle site :
对于 Oracle 站点中的 JRE 1.7.0_131-b31:
TLSv1.2 and TLSv1.1 are now enabled by default on the TLS client end-points. This is similar behavior to what already happens in JDK 8 releases.
TLSv1.2 和 TLSv1.1 现在默认在 TLS 客户端端点上启用。这与 JDK 8 版本中已经发生的行为类似。
回答by Sridhar Sarnobat
The stated answers are correct, but I'm just sharing one additional gotcha that was applicable to my case: in addition to using setProtocol/withProtocol, you may have some nasty jars that won't go away even if have the right jars plus an old one:
所述答案是正确的,但我只是分享一个适用于我的案例的额外问题:除了使用setProtocol/ 之外withProtocol,您可能还有一些讨厌的罐子,即使有正确的罐子和旧罐子也不会消失:
Remove
消除
<dependency>
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
<version>3.1</version>
</dependency>
Retain
保持
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.2</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.4.6</version>
</dependency>
Java is backward compatible, but most libraries are not. Each day that passes the more I wish shared libraries were outlawed with this lack of accountability.
Java 向后兼容,但大多数库不是。每一天过去,我都希望共享库因缺乏问责制而被取缔。
Further info
更多信息
java version "1.7.0_80"
Java(TM) SE Runtime Environment (build 1.7.0_80-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed mode)
回答by Filip
You should probably be looking to the configuration that controls the underlying platform TLS implementation via -Djdk.tls.client.protocols=TLSv1.2.
您可能应该查看通过-Djdk.tls.client.protocols=TLSv1.2.
回答by Vaibhav Jain
To force enable TLSv1.2 in JRE7u_80 I had to use following code snippet before creating JDBC connection.
要在 JRE7u_80 中强制启用 TLSv1.2,我必须在创建 JDBC 连接之前使用以下代码片段。
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import javax.net.ssl.SSLContextSpi;
import sun.security.jca.GetInstance;
import sun.security.jca.ProviderList;
import sun.security.jca.Providers;
public static void enableTLSv12ForMssqlJdbc() throws NoSuchAlgorithmException
{
ProviderList providerList = Providers.getProviderList();
GetInstance.Instance instance = GetInstance.getInstance("SSLContext", SSLContextSpi.class, "TLS");
for (Provider provider : providerList.providers())
{
if (provider == instance.provider)
{
provider.put("Alg.Alias.SSLContext.TLS", "TLSv1.2");
}
}
}
Able to connect to Windows 10 with SQL server 2017 & TLSv1.2 enabled OS.
能够使用支持 SQL Server 2017 和 TLSv1.2 的操作系统连接到 Windows 10。
回答by Omar
I solved this issue by using
我通过使用解决了这个问题
Service.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
回答by isubodh
I had similar issue when connecting to RDS Oracle even when client and server were both set to TLSv1.2 the certs was right and java was 1.8.0_141 So Finally I had to apply patch at Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files
我在连接到 RDS Oracle 时遇到了类似的问题,即使客户端和服务器都设置为 TLSv1.2 证书是正确的并且 java 是 1.8.0_141 所以最后我不得不在Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files上应用补丁
After applying the patch the issue went away and connection went fine.
应用补丁后,问题消失,连接正常。
