堆栈内存溢出
  简体   繁体   English

在 Eclipse Paho 的 Java 版本中使用不安全的 TLS

[英]Using Insecure TLS in Java version of Eclipse Paho

 原文  2022-08-18 17:24:52       ssl/ mqtt/ paho/ tls1.3

问题描述

I am trying to connect to an MQTT server without having to validate the TLS certs.我正在尝试连接到 MQTT 服务器而无需验证 TLS 证书。 I am using the latest version of Eclipse Paho from a Java program.我正在使用来自 Java 程序的 Eclipse Paho 的最新版本。 I cannot find a way to turn off the validation.我找不到关闭验证的方法。

In the Python version of Eclipse Paho, the vendor who is running the server uses the following code to turn off the validation:在Eclipse Paho的Python版本中,运行服务器的厂商使用如下代码关闭验证:

        client = mqtt_client.Client(client_id, transport='websockets')
        client.tls_set("", cert_reqs=ssl.CERT_NONE)
        client.tls_insecure_set(True)

I don't see an equivalent for Java.我没有看到 Java 的等价物。

Does anyone know how I can accomplish this in Java?有谁知道我如何在 Java 中实现这一点?

1 个解决方案

解决方案1
 0  2022-08-18 21:09:25

You will need to pass a custom SSLSocketFactory as part of the MqttConnectOptions object passed to the Paho client's connect() method.您需要将自定义SSLSocketFactory作为 MqttConnectOptions object 的一部分传递给 Paho 客户端的connect()方法。

This will come from on a SSLContext with a custom TrustManager eg这将来自带有自定义TrustManagerSSLContext ,例如

TrustManager [] trustAllCerts = new TrustManager [] {new X509ExtendedTrustManager () {
   @Override
   public void checkClientTrusted (X509Certificate [] chain, String authType, Socket socket) {

   }

   @Override
   public void checkServerTrusted (X509Certificate [] chain, String authType, Socket socket) {

   }

   @Override
   public void checkClientTrusted (X509Certificate [] chain, String authType, SSLEngine engine) {

   }

   @Override
   public void checkServerTrusted (X509Certificate [] chain, String authType, SSLEngine engine) {

   }

   @Override
   public java.security.cert.X509Certificate [] getAcceptedIssuers () {
      return null;
   }

   @Override
   public void checkClientTrusted (X509Certificate [] certs, String authType) {
   }

   @Override
   public void checkServerTrusted (X509Certificate [] certs, String authType) {
   }

}};

SSLContext sc = null;
try {
   sc = SSLContext.getInstance ("TLS");
   sc.init (null, trustAllCerts, new java.security.SecureRandom ());
} catch (KeyManagementException | NoSuchAlgorithmException e) {
   e.printStackTrace ();
}

String uri = "ssl://localhost:1884";
String clientId = "client-101";

MqttClient client = new MqttClient(uri, clientId))

final MqttConnectOptions options = new MqttConnectOptions();
options.setSocketFactory(sc.getSocketFactory());

client.connect(options)

This does basically the same as the python code, but you should probably implement some proper checks in the methods in the TrustManager to ensure you are actually connecting to the server you are expecting.这与 python 代码基本相同,但您可能应该在TrustManager中的方法中实施一些适当的检查,以确保您实际连接到您期望的服务器。 Blindly disabling all the checking basically removes a lot of protection of a TLS connection.盲目地禁用所有检查基本上消除了对 TLS 连接的很多保护。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Eclipse Paho JavaScript客户端的SSL / TLS - SSL/TLS with Eclipse Paho JavaScript Client 尝试使用 paho python 将 mosquitto 代理与 TLS 一起使用 - Trying to use mosquitto broker with TLS using paho python 如何使用 java 连接到具有 TLS 版本 1.2 的 DB2 数据库? - How to connect using java to DB2 database with TLS version 1.2? TLS / SSLv3不安全吗? - Is TLS / SSLv3 insecure? Java SSL / TLS版本设置 - Java SSL/TLS Version Setting 将 Paho 用于 MQTT TLS 时出现错误 [SSL] PEM lib (_ssl.c:4022) - Error [SSL] PEM lib (_ssl.c:4022) when using Paho for MQTT TLS 如何在Java中设置TLS1.2版本 - How to set TLS1.2 version in Java 此 Java 1.7 代码片段中的 TLS 版本是什么? - What is the TLS version in this code snippet of Java 1.7? Java Bouncy Castle TLS 协议版本顺序? - Java Bouncy Castle TLS Protocol version order? 即使没有在同一台计算机上使用不带SSL / TLS的SMTP发送电子邮件也不安全吗? - Is Sending Email using SMTP without SSL/TLS insecure even if its in the same computer?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM