由于我需要使用一些旧版服务器,并且从{8}中删除了RC4,我需要重新启用一些基于RC4的密码。如发行说明中所述,我们必须使用SSLSocket/SSLEngine.setEnabledCipherSuites()。由于我使用的是Apache HTTP Client,因此无法找到实现此目的的方法。提前致谢! (我也找到了一个半挂车的问题而没有回答,所以想发布一个新的)
答案 0 :(得分:2)
我遇到了同样的问题,我能够解决这个问题。
SecureProtocolSocketFactoryImpl protFactory = new SecureProtocolSocketFactoryImpl();
httpsClient.getHostConfiguration().setHost(host, port, httpsProtocol);
在" SecureProtocolSocketFactoryImpl" class必须覆盖SecureProtocolSocketFactory类的方法public Socket createSocket()。
在那种方法中你会得到一个像这样的套接字
SSLSocket soc = (SSLSocket) getSSLContext().getSocketFactory().createSocket(
socket,
host,
port,
autoClose
);
所以你可以做下面的事情。
ciphersToBeEnabled[0] = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
soc.setEnabledCipherSuites(ciphersToBeEnabled);
答案 1 :(得分:1)
获取HttpClient的推荐方法是使用HttpClientBuilder。在此构建器中,您可以设置HttpClientConnectionManager,而Registry<ConnectionSocketFactory>又可以ConnectionSocketFactory。在此Registry<ConnectionSocketFactory> socketFactoryRegistry;
{
SSLContext sslcontext = <your SSLContext>;
socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", new PlainConnectionSocketFactory())
.register("https", new SSLConnectionSocketFactory(sslcontext,
<your supported protocols, could be null>,
<your supported ciphers, could be null>,
<your HostnameVerifier>
.build();
}
HttpClientBuilder b = HttpClientBuilder.create()
.setConnectionManager(new BasicHttpClientConnectionManager(socketFactoryRegistry))
.set<anything else you want>(<with what you want>);
HttpClient client = b.build();
中,您可以配置客户端要限制的密码和协议。
示例代码:
class App(Frame):
def __init__(self, master):
self.frame = Frame(master)
self.frame.pack()
self.createWidgets()
def createWidgets(self):
photo = PhotoImage(file="screeniess.png")
w = Label(self.frame, image=photo)
w.photo = photo
w.pack()
root = Tk()
root.title("Application")
root.geometry("400x500")
root.resizable(0,0)
root.mainloop()