Java HttpsURLConnection 和 TLS 1.2
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30121510/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Java HttpsURLConnection and TLS 1.2
提问by Marc Wittmann
I read in an article that HttpsURLConnectionwill transparently negotiate the SSL connection.
我读过一篇文章,HttpsURLConnection它将透明地协商 SSL 连接。
The official document says:
官方文件说:
This class uses HostnameVerifier and SSLSocketFactory. There are default implementations defined for both classes. [1]
此类使用 HostnameVerifier 和 SSLSocketFactory。这两个类都定义了默认实现。[ 1]
Does that mean once you open a connection with
这是否意味着一旦您打开与
httpsCon = (HttpsURLConnection) url.openConnection();
It is already SSL/TLS encrypted without any more hassle?
它已经是 SSL/TLS 加密的,没有任何麻烦?
How can I view and set the TLS version for the standard implementation? (Should be TLS 1.2 for Java 8 and TLS 1.0 for Java 7)
如何查看和设置标准实现的 TLS 版本?(对于 Java 8 应该是 TLS 1.2,对于 Java 7 应该是 TLS 1.0)
References
参考
- Oracle Corp. (2011). javax.net.ssl.HttpsURLConnection. (JavaDoc)
- 甲骨文公司(2011 年)。javax.net.ssl.HttpsURLConnection。(JavaDoc)
采纳答案by JoCoaker
You will have to create an SSLContextto set the Protocoll:
in Java 1.8:
您必须创建一个SSLContext来设置 Protocoll:
在Java 1.8 中:
SSLContext sc = SSLContext.getInstance("TLSv1.2");
// Init the SSLContext with a TrustManager[] and SecureRandom()
sc.init(null, trustCerts, new java.security.SecureRandom());
in Java 1.7:
在Java 1.7 中:
SSLContext sc = SSLContext.getInstance("TLSv1");
// Init the SSLContext with a TrustManager[] and SecureRandom()
sc.init(null, trustCerts, new java.security.SecureRandom());
then you just have to set the SSLContextto the HttpsURLConnection:
那么您只需将SSLContext设置为HttpsURLConnection:
httpsCon.setSSLSocketFactory(sc.getSocketFactory());
That should do the Trick.
这应该够了吧。
回答by Kondal Kolipaka
You can also set TLS 1.2 protocol with the JDK 1.7. By default JDK 1.7 will set it to 1.0.
您还可以使用 JDK 1.7 设置 TLS 1.2 协议。默认情况下,JDK 1.7 会将其设置为 1.0。
SSLContext sc = SSLContext.getInstance("TLSv1.2"); //$NON-NLS-1$
sc.init(null, null, new java.security.SecureRandom());
HttpsURLConnection con = (HttpsURLConnection) httpsURL.openConnection();
con.setSSLSocketFactory(sc.getSocketFactory());
回答by Rahul
private static javax.net.ssl.SSLSocketFactory getFactorySimple()
throws Exception {
SSLContext context = SSLContext.getInstance("TLSv1.2");`
context.init(null, null, null);
return context.getSocketFactory();
}
String loginurl ="some url";
HttpsURLConnection connection = null;
URL url = new URL(loginURL);
connection = (HttpsURLConnection) url.openConnection();
javax.net.ssl.SSLSocketFactory sslSocketFactory =getFactorySimple();
connection.setSSLSocketFactory(sslSocketFactory);
The above code can be used to enable tls 1.1 or tls 1.2 in java 1.7
以上代码可用于在java 1.7中启用tls 1.1或tls 1.2
