【发布时间】:2015-01-20 10:39:26
【问题描述】:
我正在开发一个 java 代理来监控我的应用服务器中发生的 http 通信。我想知道传出 Https 连接中使用的 SSL 版本(SSLv3、TLS 等)。有没有办法通过任何方式获取 SSL 版本?
【问题讨论】:
标签: java ssl httpsurlconnection
我正在开发一个 java 代理来监控我的应用服务器中发生的 http 通信。我想知道传出 Https 连接中使用的 SSL 版本(SSLv3、TLS 等)。有没有办法通过任何方式获取 SSL 版本?
【问题讨论】:
标签: java ssl httpsurlconnection
我使用了这个解决方案,也许它可以帮助你:
首先你需要一个SSLSocketFactory 的扩展类来将HandshakeCompletedListener 附加到SSLSocketFactory 创建的套接字上:
(灵感来自How to override the cipherlist sent to the server by Android when using HttpsURLConnection?)
public class SecureSSLSocketFactory extends SSLSocketFactory {
private final SSLSocketFactory delegate;
private HandshakeCompletedListener handshakeListener;
public SecureSSLSocketFactory(
SSLSocketFactory delegate, HandshakeCompletedListener handshakeListener) {
this.delegate = delegate;
this.handshakeListener = handshakeListener;
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
throws IOException {
SSLSocket socket = (SSLSocket) this.delegate.createSocket(s, host, port, autoClose);
if (null != this.handshakeListener) {
socket.addHandshakeCompletedListener(this.handshakeListener);
}
return socket;
}
// and so on for all the other createSocket methods of SSLSocketFactory.
@Override
public String[] getDefaultCipherSuites() {
// TODO: or your own preferences
return this.delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
// TODO: or your own preferences
return this.delegate.getSupportedCipherSuites();
}
那么你需要一个HandshakeCompletedListener 接口的实现。您必须实现handshakeCompleted 方法:
public class MyHandshakeCompletedListener implements HandshakeCompletedListener {
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
SSLSession session = event.getSession();
String protocol = session.getProtocol();
String cipherSuite = session.getCipherSuite();
String peerName = null;
try {
peerName = session.getPeerPrincipal().getName();
} catch (SSLPeerUnverifiedException e) {
}
}
在handshakeCompleted,您可以获得协议版本(可能是 TLSv1.2),顺便还有密码套件等信息,也可以通过HttpsConnection 访问。
您可以在连接前通过conn.setSSLSocketFactory 设置自定义 SSL 套接字工厂:
private void setupAndConnect() {
URL url = new URL("https://host.dom/xyz");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(/*keyManagers*/null, /*trustManagers*/null, /*new SecureRandom()*/null); // simple here
conn.setSSLSocketFactory(new SecureSSLSocketFactory(sslContext.getSocketFactory(), new MyHandshakeCompletedListener()));
// conn.set... /* set other parameters */
conn.connect();
【讨论】: