如何强制Apache的CloseableHttpClient使用TLSv1.2?

时间:2019-07-29 19:09:45

标签: java apache ssl tls1.2

在Java中,我需要获取Apache CloseableHttpClient才能使用TLSv1.2。当前,它看起来像使用HTTP / 1.1。如何在下面的代码中指定协议版本?

 public static void main(String [] args){
                                try {
                      SSLContext sslContext = SSLContext.getInstance("TLS");
                                  @SuppressWarnings("static-access")
                                  CloseableHttpClient httpclient = HttpClientBuilder.create()
                                    .setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext.getDefault(), new String[] { "TLSv1.2" }, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
                                    .build();
                      HttpHost target = new HttpHost("https://www.sometest.com", 443, "https");
                      String call = "/vivisimo/cgi-bin/velocity";
                      HttpGet getRequest = new HttpGet(call);
                      System.out.println("Protocol Version:" + getRequest.getProtocolVersion());
                     } catch (Exception e) {
                      e.printStackTrace();
                                  }
}

1 个答案:

答案 0 :(得分:0)

在创建SSLContext时,它指定必须使用TLS而不是获取默认值:

SSLContext sslContext = SSLContextBuilder.create().build();

或者:

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(....);

或者简单地使用:

SSLContext sslContext = SSLContexts.custom().build()

根据您的代码,这里是运行示例(它建立了与google.com的连接)。我已启用调试日志。在日志中查找negotiated protocol: TLSv1.2。现在,在创建http客户端(TLS)的同时将1.1的版本更改为new String[] { "TLSv1.1" },运行程序并观察字符串“ negotiated protocol ..”更改为TLSv1.1。 您之前打印的是HTTP协议版本。 

import org.apache.http.HttpHost;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;

import javax.net.ssl.SSLContext;
import java.io.OutputStreamWriter;
import java.io.PrintStream;
import java.io.StringWriter;

public class ForceTLS12 {
    public static void main(String[] args) {
        try {
            System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
            System.setProperty("org.apache.commons.logging.simplelog.showdatetime","true");
            System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http","DEBUG");
            System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http.wire","DEBUG");
            //SSLContext sslContext = SSLContext.getInstance("TLS");
            @SuppressWarnings("static-access")
            CloseableHttpClient httpclient = HttpClientBuilder.create()
                    .setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom().build(), new String[] { "TLSv1.2" }, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
                    .build();
            HttpHost target = new HttpHost("www.google.com", 443, "https");
            //String call = "/vivisimo/cgi-bin/velocity";
            HttpGet getRequest = new HttpGet(target.toURI());
            CloseableHttpResponse resposne = httpclient.execute(getRequest);

            System.out.println(resposne.getEntity().getContentType());
            System.out.println("Protocol Version:" + getRequest.getProtocolVersion());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

此可执行代码示例也可以在github上获得。

相关问题
最新问题