【问题标题】:Get SSL Version used in HttpsURLConnection - Java获取 HttpsURLConnection 中使用的 SSL 版本 - Java
【发布时间】:2015-01-20 10:39:26
【问题描述】:

我正在开发一个 java 代理来监控我的应用服务器中发生的 http 通信。我想知道传出 Https 连接中使用的 SSL 版本(SSLv3、TLS 等)。有没有办法通过任何方式获取 SSL 版本?

【问题讨论】:

    标签: java ssl httpsurlconnection


    【解决方案1】:

    我使用了这个解决方案,也许它可以帮助你:

    首先你需要一个SSLSocketFactory 的扩展类来将HandshakeCompletedListener 附加到SSLSocketFactory 创建的套接字上: (灵感来自How to override the cipherlist sent to the server by Android when using HttpsURLConnection?

    public class SecureSSLSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;
    private HandshakeCompletedListener handshakeListener;
    
    public SecureSSLSocketFactory(
            SSLSocketFactory delegate, HandshakeCompletedListener handshakeListener) {
        this.delegate = delegate;
        this.handshakeListener = handshakeListener;
    }
    
    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) 
        throws IOException {
        SSLSocket socket = (SSLSocket) this.delegate.createSocket(s, host, port, autoClose);
    
        if (null != this.handshakeListener) {
            socket.addHandshakeCompletedListener(this.handshakeListener);
        }
    
        return socket;
    }
    // and so on for all the other createSocket methods of SSLSocketFactory.
    
    @Override
    public String[] getDefaultCipherSuites() {
        // TODO: or your own preferences
        return this.delegate.getDefaultCipherSuites();
    }
    
    @Override
    public String[] getSupportedCipherSuites() {
        // TODO: or your own preferences
        return this.delegate.getSupportedCipherSuites();
    }
    

    那么你需要一个HandshakeCompletedListener 接口的实现。您必须实现handshakeCompleted 方法:

    public class MyHandshakeCompletedListener implements HandshakeCompletedListener {
    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        SSLSession session = event.getSession();
        String protocol = session.getProtocol();
        String cipherSuite = session.getCipherSuite();
        String peerName = null;
    
        try {
            peerName = session.getPeerPrincipal().getName();
        } catch (SSLPeerUnverifiedException e) {
        }
    }
    

    handshakeCompleted,您可以获得协议版本(可能是 TLSv1.2),顺便还有密码套件等信息,也可以通过HttpsConnection 访问。 您可以在连接前通过conn.setSSLSocketFactory 设置自定义 SSL 套接字工厂:

    private void setupAndConnect() {
    URL url = new URL("https://host.dom/xyz");
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(/*keyManagers*/null, /*trustManagers*/null, /*new SecureRandom()*/null);    // simple here
    
    conn.setSSLSocketFactory(new SecureSSLSocketFactory(sslContext.getSocketFactory(), new MyHandshakeCompletedListener()));
    
    // conn.set... /* set other parameters */
    conn.connect();
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2011-10-30
      • 1970-01-01
      • 2011-03-03
      • 2012-05-17
      • 1970-01-01
      • 1970-01-01
      • 2018-03-14
      • 2012-06-24
      相关资源
      最近更新 更多