我在 application.properies 文件中启用了具有以下属性的Spring Boot SSL / TLS:
server.port=8443
server.ssl.key-store=classpath:security/keystore.p12
server.ssl.key-store-password=springboot
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat
server.ssl.protocol=TLSv1.2
server.ssl.enabled=true
security.require-ssl=true
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE-RSA-AES256-GCM-SHA384,TLS_ECDHE-ECDSA-CHACHA20-POLY1305,TLS_ECDHE-RSA-CHACHA20-POLY1305,TLS_ECDHE-ECDSA-AES128-GCM-SHA256,TLS_ECDHE-RSA-AES128-GCM-SHA256,TLS_ECDHE-ECDSA-AES256-SHA384TLS_ECDHE-RSA-AES256-SHA384,TLS_ECDHE-ECDSA-AES128-SHA256,TLS_ECDHE-RSA-AES128-SHA256
我还配置了HTTP连接器,将端口8080上的流量请求重定向到端口8443,并在配置类中使用这些行
@Bean
public EmbeddedServletContainerFactory servletFactory(){
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context){
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
return tomcat;
}
private Connector initiateHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8443);
return connector;
}
一切正常但如果我使用 Wireshark 扫描我的流量,我找不到TLSv1.2协议包,只能找到TCP包。 这是正确的行为还是有什么问题?
感谢所有人。
更新 以下是Wireshark的截图: myApp,captured searching Facebook
