如何在JAVA中加速tls谈判?
[英]How to accelerate tls negotiation in JAVA?
问题描述
There'a a private web server(https supported) on which i need to read/set some information frequently. 
有一个私人Web服务器(支持https),我需要在该服务器上经常读取/设置一些信息。 I made some java code to do it automatically. 我编写了一些Java代码来自动执行此操作。 When I use Chrome to access it, the first connection is slow(maybe 5 seconds) but the continuous connection is fast(about 1S). 当我使用Chrome进行访问时,第一个连接速度很慢(可能是5秒),但连续连接速度很快(大约1S)。 With my java code, it is slow everytime. 用我的Java代码,每次都很慢。 I know the problem is that full TLS handshake is performed in every connection with my code. 我知道问题是在与我的代码的每个连接中都执行了完整的TLS握手。 My question is, what does Chrome do to make it fast and how can i simulate it in my code? 我的问题是,Chrome如何使它快速运行?如何在代码中对其进行仿真? Below is part of my code: 以下是我的代码的一部分:
class MyTrust implements X509TrustManager{
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
public X509Certificate[] getAcceptedIssuers() {return null; }
}
and in another class where connection is established: 在建立连接的另一个类中:
URLConnection conn = (HttpsURLConnection) url.openConnection();
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, new TrustManager[] { new MyTrust() }, new java.security.SecureRandom());
((HttpsURLConnection) conn).setSSLSocketFactory(sc.getSocketFactory());
I'm reading Java Secure Socket Extension (JSSE) Reference Guide but find it's difficult to understand. 我正在阅读《 Java安全套接字扩展(JSSE)参考指南》,但很难理解。 Is it SessinID or Principal that works? 是SessinID还是Principal起作用? Can anyone give me some hints? 谁能给我一些提示吗?
1 个解决方案
解决方案1
0 已采纳 2018-02-07 03:32:12
Your java code establish a connection every time, so a TLS handshake is performed every time. 您的Java代码每次都会建立连接,因此每次都会执行TLS握手。
But browsers(such as Chrome) will try to keep the connection alive(by add a Connection:Keep-Alive header in requests), if the server accepts keep-alive connection(by returning a Connection:Keep-Alive header in the response), which most servers do, the browser will try to use this same connection on ongoing requests, thus won't need to perform TLS handshake everytime. 但是,如果服务器接受保持活动的连接(通过在响应中返回Connection:Keep-Alive标头),则浏览器(例如Chrome)将尝试使连接保持活动状态(通过在请求中添加Connection:Keep-Alive标头)。 ,大多数服务器都会这样做,浏览器将尝试对正在进行的请求使用相同的连接,因此无需每次都执行TLS握手。
For your java code, you can store the connection in a pool, and reuse it. 对于Java代码,您可以将连接存储在池中,然后重新使用它。 You can check Apache HttpComponents , which support http connection pooling 您可以检查支持http连接池的Apache HttpComponents 。
Edited from comments: 从评论中编辑:
Since the real problem is about SSL/TLS session reuse not working. 由于真正的问题在于SSL / TLS会话重用不起作用。 I suspect it is caused by misuse of JSSE. 我怀疑这是由于滥用JSSE引起的。 You must use same SSLContext on each connection to enable session reuse. 您必须在每个连接上使用相同的SSLContext才能启用会话重用。 Further more, the session could be discarded due to some wrong operations on the connection(such as reading past the end of the stream). 此外,由于连接上的某些错误操作(例如,读取流的末尾),会话可能会被丢弃。 There are some details listed here: How to enable client TLS session reuse in Java 这里列出了一些详细信息: 如何在Java中启用客户端TLS会话重用
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.