如何使用Apache HttpClient启用SSLv3?
[英]How to enable SSLv3 with Apache HttpClient?
问题描述
SSLv3 is disabled in Apache HttpClient since version 4.3.6, but I'm using version 4.5. 
从4.3.6版开始,Apache HttpClient中已禁用SSLv3,但我使用的是4.5版。 The developers wrote : 开发人员写道 :
Those users who wish to continue using SSLv3 need to explicitly enable support for it.
I tried to set the supported protocols on the JVM level, but it didn't work. 我试图在JVM级别上设置受支持的协议,但是没有用。 The example is in Scala, but that is not relevant for the problem: 该示例在Scala中,但是与该问题无关:
System.setProperty("https.protocols", "SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2")
My second try was this: 我的第二次尝试是这样的:
val instance: CloseableHttpClient = {
val trustStrategy = new TrustStrategy {
override def isTrusted(x509Certificates: Array[X509Certificate], s: String) = true
}
val sslContext = new SSLContextBuilder().loadTrustMaterial(null, trustStrategy).build()
val sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE)
val socketFactoryRegistry =
RegistryBuilder.create[ConnectionSocketFactory]()
.register("http", PlainConnectionSocketFactory.getSocketFactory)
.register("https", sslSocketFactory)
.build()
val connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry)
HttpClients.custom()
.disableRedirectHandling()
.setSSLContext(sslContext)
.setConnectionManager(connectionManager)
.build()
}
But it didn't work either. 但这也不起作用。
How can I connect to hosts supporting SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2 with Apache HttpClient 4.5? 如何通过Apache HttpClient 4.5连接到支持SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2的主机?
1 个解决方案
解决方案1
5 已采纳 2015-07-24 15:13:37
HttpClient does not take system properties into account by default. HttpClient默认情况下不考虑系统属性。 One either needs to instruct HttpClient builder to do so 要么需要指示HttpClient构建器这样做
CloseableHttpClient client = HttpClients.createSystem();
or manually configure connection socket factory with custom protocol settings 或使用自定义协议设置手动配置连接套接字工厂
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLContext.getDefault(),
new String[] { "SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", socketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
EDIT 编辑
This code snippet works just fine with the site mentioned in a comment 此代码段与注释中提到的网站配合使用时效果很好
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLContext.getDefault(),
new String[] {"TLSv1"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", socketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build();
try (CloseableHttpResponse response = client.execute(new HttpGet("https://www.ethz.ch/de.html"))) {
System.out.println(response.getStatusLine());
System.out.println(EntityUtils.toString(response.getEntity()));
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.