Google表示,默认情况下,为http客户端启用了TLS 1,我们必须启用TLSv1.2自己才能使用它。谁能告诉我怎么做?
我使用Jetty作为服务器并在其上启用了TLSv1.2协议。
我正在使用httpClient 4.4.1
在我的客户端,我已经完成了:
sslcontext = SSLContexts.custom()
.loadTrustMaterial(trustStore, null)
.loadKeyMaterial(client_key_store, "password".toCharArray())
.useProtocol("TLSv1.2")
.build();
SSLConnectionSocketFactory factory=new SSLConnectionSocketFactory(sslcontext, new String[]{"TLSv1.2"},sslcontext..getDefaultSSLParameters().getCipherSuites(), SSLConnectionSocketFactory.getDefaultHostnameVerifier());
try (CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(factory).build()) {
HttpGet req = new HttpGet("https://localhost:8443/");
System.out.println("executing request" + req.getRequestLine());
try (CloseableHttpResponse response = httpclient.execute(req)) {
HttpEntity entity = response.getEntity();
System.out.println("*** Reponse status:" + response.getStatusLine());
EntityUtils.consume(entity);
System.out.println("*** Response entity: "+ entity.toString());
}
}
然后我排除了所有那些密码套件(我使用了
)sslcontext.getDefaultSSLParameters().getCipherSuites()
除了jetty服务器上的“TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256”之外,它给了我错误。 I need this ciphersuite. Java says it is implemented in tLSv1.2 in JAVA7
<Set name="ExcludeCipherSuites">
<Array type="java.lang.String">
<Item>...</Item>
<!--
<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</Item>
-->
</Array>
</Set>