参考POODLE漏洞,我需要强制我的代码使用仅限TLSv1 和 NOT SSLv3 。我在server.xml文件中设置了 sslProtocols =“TLSv1”,并将系统属性“https.protocols”设置为“TLSv1”。虽然这适用于使用HttpsUrlConnection创建的连接,但这并不能解决使用 org.apache.commons.httpclient.HttpClient创建的连接
Java版本是1.5 +
我的示例代码如下
连接启动
MultiThreadedHttpConnectionManager httpConnectionManager = new MultiThreadedHttpConnectionManager();
connParams = httpConnectionManager.getParams();
connParams.setDefaultMaxConnectionsPerHost(10);
connParams.setMaxTotalConnections(75);
connParams.setConnectionTimeout(1000);
connParams.setSoTimeout(30000);
httpConnectionManager.setParams(connParams);
clientParams = new HttpClientParams();
clientParams.setParameter(HttpMethodParams.RETRY_HANDLER, new DefaultHttpMethodRetryHandler(0, true));
try{
Protocol customHttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
Protocol.registerProtocol("https",customHttps); //No I18N
}
catch(Exception ex)
{
ex.printStackTrace();
}
httpClient = new org.apache.commons.httpclient.HttpClient(clientParams, httpConnectionManager);
网址调用
HttpMethod method = new GetMethod(url);
client.executeMethod(method);
Properties serviceData = new Properties();
serviceData.load(method.getResponseBodyAsStream());
收到错误
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
非常感谢任何有助于解决此问题的帮助。
提前致谢。
- N.Shankar