如何检查服务器是否支持Java的SSL?
[英]How to check whether a server supports SSL with Java?
问题描述
I need to check whether a server supports SSL and the ciphers from the web server. 
我需要检查服务器是否支持SSL和来自Web服务器的密码。
I looked into SSLSocket in Java but I do not get it to work properly. 我查看了Java中的SSLSocket,但无法正常工作。
I used the method getSupportedProtocols() it always gives out the same protocols for each url. 我使用了getSupportedProtocols()方法,它总是为每个URL给出相同的协议。 Moreover I do not get the ciphers that are given from the server. 此外,我没有从服务器获得密码。 I guessed getEnabledCipherSuites() would be the correct method 我猜想getEnabledCipherSuites()将是正确的方法
try {
SSLContext ctx = SSLContext.getDefault();
ctx.getClientSessionContext().setSessionTimeout(5); // in seconds
SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket("host.com", 443);
socket.setSoTimeout(5000); // in millis
String[] result = socket.getEnabledCipherSuites();
Arrays.sort(result);
for (int i = 0; i < result.length; i++) {
System.out.println(result[i]);
}
} catch (IOException ex) {
System.out.println("Error!");
}
How can I check that the server uses SSL? 如何检查服务器使用SSL? What ciphers were returned from the server? 服务器返回了什么密码?
2 个解决方案
解决方案1
5 已采纳 2015-08-17 16:02:57
getSupportedProtocols()/CipherSuites() returns the lists of protocols and ciphers (respectively) that your side can support. getSupportedProtocols()/CipherSuites()返回您一方可以支持的协议和密码的列表。 getEnabledProtocols()/CipherSuites() returns the subset of these lists that are enabled on your side. getEnabledProtocols()/CipherSuites()返回您已启用的这些列表的子集。
That won't tell you much about about what the server supports. 这不会告诉您有关服务器支持什么的太多信息。
According to the TLS specification, the client sends the highest protocol version can use and the list of cipher suites it wants to use. 根据TLS规范,客户端发送可以使用的最高协议版本以及要使用的密码套件列表。 The server then uses the highest protocol it supports within that list (if any) and selects the cipher suite it wants amongst that list (if any). 然后,服务器使用该列表(如果有)中支持的最高协议,并从该列表(如果有)中选择所需的密码套件。
There's some flexibility regarding how the cipher suite selection is done (see SSLHonorCipherOrder directive in Apache Httpd , for example). 关于如何完成密码套件选择,有一些灵活性(例如,请参阅Apache SSLHonorCipherOrder指令 )。
Essentially, if you want to see which cipher suites are actually supported by your server, you'll have to iterate through each cipher suite you support and enable them one by one to try a handshake. 本质上,如果要查看服务器实际支持的密码套件,则必须遍历所支持的每个密码套件,并使它们一个接一个地进行尝试。
解决方案2
0 2015-08-17 16:04:19
used the method getSupportedProtocols() it always gives out the same protocols for each url.
It always give you the protocols supported by your end. 它始终为您提供最终支持的协议。 That doesn't change per URL. 每个网址都不会改变。
Moreover I do not get the ciphers that are given from the server.
You guessed wrong. 你猜错了。 It gives you the ciphers supported by your end. 它为您提供了最终支持的密码。
How can I check that the server uses SSL?
Call startHandshake() and catch the exception. 调用startHandshake()并捕获异常。
What ciphers were returned from the server?
You can't, but you can tell what cipher suite was negotiated, by looking in the SSLSession . 您不能,但是可以通过查看SSLSession协商了什么密码套件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.