带有CXF的Soap,设置SSL和TLS协议版本
[英]Soap with CXF, set SSL and TLS protocol version
问题描述
According the following code, how can I set protocols to TLSv1.2,TLSv1,SSLv3 ? 
根据以下代码,如何将协议设置为TLSv1.2,TLSv1,SSLv3?
Using SoapUi, I'm able to request the service using the following config : -Dsoapui.https.protocols=TLSv1.2,TLSv1,SSLv3 使用SoapUi,我可以使用以下配置请求服务:-Dsoapui.https.protocols = TLSv1.2,TLSv1,SSLv3
Using CXF, i'm getting a "javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" 使用CXF,我收到“ javax.net.ssl.SSLHandshakeException:没有适当的协议(协议被禁用或密码套件不合适)”
If i'm removing SSLv3, the output is "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure" 如果我要删除SSLv3,则输出为“ javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure”
Sorry for my poor knowledge about Soap and SSL... 抱歉,我对Soap和SSL的了解不多...
URL wsdlLocation = this.getClass().getResource("service.wsdl");
Service service = new Service(wsdlLocation);
Soap stub = service.getSoap();
BindingProvider bp = (BindingProvider) stub;
Map<String, Object> context = bp.getRequestContext();
context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://url.to.service/service");
Client client = ClientProxy.getClient(stub);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
try {
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setDisableCNCheck(true);
tlsParams.setSecureSocketProtocol("SSLv3");
KeyStore keyStore = KeyStore.getInstance("JKS");
String trustpass = "pass";
File truststore = new File("/home/user/keystore.jks");
keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(keyStore);
TrustManager[] tm = trustFactory.getTrustManagers();
tlsParams.setTrustManagers(tm);
truststore = new File("/home/user/keystore.jks");
keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, trustpass.toCharArray());
KeyManager[] km = keyFactory.getKeyManagers();
tlsParams.setKeyManagers(km);
FiltersType filter = new FiltersType();
filter.getInclude().add(".*_EXPORT_.*");
filter.getInclude().add(".*_EXPORT1024_.*");
filter.getInclude().add(".*_WITH_DES_.*");
filter.getInclude().add(".*_WITH_NULL_.*");
filter.getExclude().add(".*_DH_anon_.*");
tlsParams.setCipherSuitesFilter(filter);
httpConduit.setTlsClientParameters(tlsParams);
} catch (Exception e) {
LOG.error(e.getMessage());
}
1 个解决方案
解决方案1
1 2016-09-13 09:47:20
I have encountered the same issue and solved it through change the protocol name from tlsParams.setSecureSocketProtocol("SSL"); 我遇到了同样的问题,并通过从tlsParams.setSecureSocketProtocol("SSL");更改协议名称来解决了该问题tlsParams.setSecureSocketProtocol("SSL"); to tlsParams.setSecureSocketProtocol("TLSv1"); 到tlsParams.setSecureSocketProtocol("TLSv1");
Notice You should determine which protocol version(SSLv1? SSLv2? TLSv1....) previously before you change it. 注意更改之前,应先确定哪个协议版本(SSLv1?SSLv2?TLSv1 ....)。 Please refer to determine the protocol name and version 请参考确定协议名称和版本
Plus if this workaround do not work for you please refer to possible causes Hope this work for you and others 另外,如果此解决方法对您不起作用,请参阅可能的原因希望对您和其他人有用
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.