从 Java 6 使用 TLS 1.2
[英]Using TLS 1.2 from java 6
问题描述
We have a legacy web application that runs in a tomcat under java 6, upgrading to 7 or 8 is infeasible as the application needs significant work to allow this and the fixes required are too large to implement in a legacy application.
我们有一个在 java 6 下的 tomcat 中运行的遗留 Web 应用程序,升级到 7 或 8 是不可行的,因为应用程序需要大量工作才能实现这一点,并且所需的修复程序太大而无法在遗留应用程序中实现。 We now have a requirement to connect outbound (ie as a client) over TLS 1.2 however java 6 only supports 1.0.我们现在需要通过 TLS 1.2 连接出站(即作为客户端),但是 java 6 仅支持 1.0。 We use Apache as our web-server and OpenSSL for incoming connections and this happily supports TLS 1.2 etc.我们使用 Apache 作为我们的网络服务器和 OpenSSL 用于传入连接,这很高兴支持 TLS 1.2 等。
Has anyone had to address a similar issue, or can you comment on the following potential work arounds:有没有人必须解决类似的问题,或者您能否评论以下潜在的解决方法:
- Loopback to localhost (or otherwise redirect) and use OpenSSL to create a TLS 1.2 connection,环回本地主机(或以其他方式重定向)并使用 OpenSSL 创建 TLS 1.2 连接,
- effectively an internal proxy有效的内部代理
- can openssl be a client? openssl 可以成为客户端吗?
- do we need s_client?我们需要 s_client 吗?
- effectively an internal proxy
- Use our current the firewall to upgrade the connection使用我们当前的防火墙升级连接
- this would need to be selective这需要有选择性
- Obviously implementing this will depend on the firewall显然实现这将取决于防火墙
- this would need to be selective
- Use “Bouncy Castle” ( https://www.bouncycastle.org/ )使用“充气城堡”( https://www.bouncycastle.org/ )
1 个解决方案
解决方案1
1 2016-04-05 17:44:59
Don't use openssl's s_client for this - it's slow, and intended more for debugging/testing.不要为此使用 openssl 的 s_client - 它很慢,并且更多地用于调试/测试。
Try using stunnel .尝试使用stunnel 。 It's designed for use cases like yours, and you can find plenty of example configs to get you started.它专为像您这样的用例而设计,您可以找到大量示例配置来帮助您入门。 You'd want to make sure to include the sslVersion = TLSv1.2 directive in your configuration to force use of TLS 1.2.您需要确保在配置中包含sslVersion = TLSv1.2指令以强制使用 TLS 1.2。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.