How to setEnabledCipherSuites when using Apache HTTP Client?
Since I need to work with some legacy server, and since RC4 was removed from Java 8, I need to re-enable some RC4 based ciphers. As described in the release note we have to use SSLSocket/SSLEngine.setEnabledCipherSuites(). Since I'm using Apache HTTP Client I was not able to find a way to do this. Thanks in advance! (I also found quite a similar problem without an answer so thought of posting a new one)

I was facing the same problem and I was able to figure this out.
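SecureProtocolSocketFactoryImpl protFactory = new SecureProtocolSocketFactoryImpl();
// Register the custom factory for https (Commons HttpClient 3.x Protocol class)
Protocol httpsProtocol = new Protocol("https", (ProtocolSocketFactory) protFactory, port);
httpsClient.getHostConfiguration().setHost(host, port, httpsProtocol);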
In the "SecureProtocolSocketFactoryImpl" class you have to override the method public Socket createSocket() for the SecureProtocolSocketFactory class.
In that method you will get a socket like this:
SSLSocket soc = (SSLSocket) getSSLContext().getSocketFactory().createSocket(
    socket,
    host,
    port,
    autoClose
);
So there you will be able to do something like below.
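// Only the suites listed here will be offered in the handshake
String[] ciphersToBeEnabled = new String[1];
ciphersToBeEnabled[0] = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
soc.setEnabledCipherSuites(ciphersToBeEnabled);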
Hope you get the idea. If you have any problems please comment below. Note that doing only this will not enable RC4 related ciphers. You will need to modify the "java.security" file in jre/lib/security/ and remove RC4 from the disabled algorithm list.

The recommended way to get the HttpClient is by using HttpClientBuilder. In this builder, you can set the HttpClientConnectionManager which in turn can take a Registry<ConnectionSocketFactory>. In this ConnectionSocketFactory, you can configure ciphers and protocols that the client wants to restrict.
Sample Code:
Registry<ConnectionSocketFactory> socketFactoryRegistry;
{
    SSLContext sslcontext = <your SSLContext>;
    socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", new PlainConnectionSocketFactory())
        .register("https", new SSLConnectionSocketFactory(sslcontext,
            <your supported protocols, could be null>,
            <your supported ciphers, could be null>,
            <your HostnameVerifier>))
        .build();
}
HttpClientBuilder b = HttpClientBuilder.create()
    .setConnectionManager(new BasicHttpClientConnectionManager(socketFactoryRegistry))
    .set<anything else you want>(<with what you want>);
HttpClient client = b.build();
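
The sample above with its placeholders filled in, as an added example that is not part of the original answers. It assumes Apache HttpClient 4.4+ on the classpath; the class name LegacyCipherClient and the prefix check on jdk.tls.disabledAlgorithms are illustrative. It also checks the JVM-wide disabled-algorithm list mentioned in the first answer before building a client meant for the legacy host only.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;

// Added example (hypothetical class name); assumes Apache HttpClient 4.4+.
public final class LegacyCipherClient {

    // The single suite the legacy server needs, taken from the first answer.
    static final String[] CIPHERS = { "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" };

    /** True if the JVM-wide jdk.tls.disabledAlgorithms property still has an RC4 entry. */
    static boolean rc4DisabledByJvm() {
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (disabled == null) {
            return false;
        }
        return Arrays.stream(disabled.split(","))
                .map(String::trim)
                .anyMatch(entry -> entry.regionMatches(true, 0, "RC4", 0, 3));
    }

    /** Builds a client for the legacy host; all other traffic keeps the default client. */
    static CloseableHttpClient build() throws Exception {
        if (rc4DisabledByJvm()) {
            // Enabling the suite on the socket is not enough: JSSE will not negotiate
            // an algorithm that is still disabled, so report it before connecting.
            throw new IllegalStateException("RC4 is listed in jdk.tls.disabledAlgorithms");
        }
        SSLContext sslContext = SSLContext.getDefault();
        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                // null protocols = JVM defaults; hostname verification stays on.
                .register("https", new SSLConnectionSocketFactory(
                        sslContext, null, CIPHERS, new DefaultHostnameVerifier()))
                .build();
        return HttpClientBuilder.create()
                .setConnectionManager(new BasicHttpClientConnectionManager(registry))
                .build();
    }
}
```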