Question

根据以下代码，如何设置TLSv1.2，TLSv1，SSLv3的协议？

使用SoapUi，我可以使用以下配置请求服务：-Dsoapui.https.protocols = TLSv1.2，TLSv1，SSLv3

使用CXF，我得到了＆＃34; javax.net.ssl.SSLHandshakeException：没有合适的协议（协议被禁用或密码套件不合适）＆＃34;

如果我正在删除SSLv3，则输出为＆＃34; javax.net.ssl.SSLHandshakeException：收到致命警报：handshake_failure＆＃34;

很抱歉，我对Soap和SSL的了解不足......

URL wsdlLocation = this.getClass().getResource("service.wsdl");

Service service = new Service(wsdlLocation);
Soap stub = service.getSoap();

BindingProvider bp = (BindingProvider) stub;

Map<String, Object> context = bp.getRequestContext();

context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://url.to.service/service");

Client client = ClientProxy.getClient(stub);

HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
try {
    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setDisableCNCheck(true);
    tlsParams.setSecureSocketProtocol("SSLv3");

    KeyStore keyStore = KeyStore.getInstance("JKS");
    String trustpass = "pass";

    File truststore = new File("/home/user/keystore.jks");
    keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
    TrustManagerFactory trustFactory = TrustManagerFactory
            .getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(keyStore);
    TrustManager[] tm = trustFactory.getTrustManagers();
    tlsParams.setTrustManagers(tm);

    truststore = new File("/home/user/keystore.jks");
    keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyFactory.init(keyStore, trustpass.toCharArray());
    KeyManager[] km = keyFactory.getKeyManagers();
    tlsParams.setKeyManagers(km);

    FiltersType filter = new FiltersType();
    filter.getInclude().add(".*_EXPORT_.*");
    filter.getInclude().add(".*_EXPORT1024_.*");
    filter.getInclude().add(".*_WITH_DES_.*");
    filter.getInclude().add(".*_WITH_NULL_.*");
    filter.getExclude().add(".*_DH_anon_.*");
    tlsParams.setCipherSuitesFilter(filter);

    httpConduit.setTlsClientParameters(tlsParams);
} catch (Exception e) {
    LOG.error(e.getMessage());
}

Answer 1

我遇到了同样的问题，并通过更改协议名称解决了这个问题 tlsParams.setSecureSocketProtocol("SSL"); 至 tlsParams.setSecureSocketProtocol("TLSv1");

注意在更改之前，您应该先确定哪个协议版本（SSLv1？SSLv2？TLSv1 ....）。请参阅determine the protocol name and version

此外，如果此解决方法不适合您，请参阅possible causes 希望这对你和其他人有用

使用CXF肥皂，设置SSL和TLS协议版本

1 个答案: