我们现有的系统工作是许多不同的外部提供商的数据收集器
我们正在使用 RestTemplate (Rest API)来与这些外部商品一起使用,
我们计划与仅具有CA证书和TLSv1.2的提供一起使用
在有限的时间内,我想用 try / catch 包装RestTemplate API调用,并将有问题的URL写入日志,然后更改回以信任所有小于1.2的证书和TLSv:
try {
ResponseEntity<T> response = restTemplate.exchange(url, method, httpEntity, responseClass, new HashMap<>());
return response.getBody();
} catch (javax.net.ssl.SSLHandshakeException e) {
String errorMessage = e.getMessage();
if (errorMessage.contains("protocol version is not enabled or not supported by the client")){
LOG.error("TLS version is not supported for URL:{}", request.getURI());
}
if (errorMessage.contains("unable to find valid certification path to requested target")){
LOG.error("Server certificate is not Trusted URL:{}", request.getURI());
}
// 1 - back to support all certificates
// 2 - back to support TLSv less than 1.2
// call restTemplate.exchange
}