我正在尝试使用Apache HttpClient 4.1 ....连接到HTTPs URL。
HttpGet httpget = new HttpGet("https://federation/galaxy-class/enterprise/getSheildFrequencies");
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpResponse response = httpclient.execute(httpget);
在连接过程中,我得到以下异常......
Caught: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
当我打开调试时,我会看到以下内容..
main, WRITE: TLSv1 Handshake, length = 81
main, WRITE: SSLv2 client hello message, length = 110
main, handling exception: java.net.SocketException: Connection reset
所以看起来我的客户端在TLSv1中进行了握手,但随后在SSLv2中发送了客户端问候,服务器不喜欢它(因为它不支持SSLv2向后兼容模式,所以放弃了连接)。
有没有办法告诉Apache HttpClient不要这样做?或者这是在底层JRE配置的(我使用的是1.6)?
更新
正如bmargulies建议的那样,我尝试创建自己的套接字工厂并将其配置为仅允许我想要的协议....
def supportedProtocols = new String[2]
supportedProtocols[0] = 'SSLv3'
supportedProtocols[1] = 'TLSv1'
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLContext.getDefault(),supportedProtocols,
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", socketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
HttpResponse response = client.execute(httpget);
但是这给了另一个例外......
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
答案 0 :(得分:1)
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainSocketFactory.INSTANCE)
.register("https", new SSLSocketFactory(sslcontext, hostnameVerifier))
.build();
答案 1 :(得分:0)
从SSLContext启用的协议中删除SSLv2ClientHello。