如何从 apache camel 客户端强制执行 TLSv1.2答案

【问题标题】：How to enforce TLSv1.2 from apache camel client如何从 apache camel 客户端强制执行 TLSv1.2
【发布时间】：2018-06-19 17:41:00
【问题描述】：

我们正在使用 Weblogic 应用服务器和 JDK1.7 。在调用其他外部服务时，我们遇到了异常。

javax.net.ssl.SSLException: Received fatal alert: protocol_version
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:146)
    at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
    at org.apache.camel.component.http.HttpProducer.executeMethod(HttpProducer.java:244)
    at org.apache.camel.component.http.HttpProducer.process(HttpProducer.java:144)

似乎我们需要在使用 apache camel 客户端使用 Web 服务时强制执行 TLSv1.2。我们尝试在 setDomainEnv 的 java_properties 中设置“-Djdk.tls.client.protocols=TLSv1.2 -Dhttps.protocols=TLSv1.2”，但它不起作用。有人可以帮忙吗

这是我们对 apache camel 的 xml 配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:camel="http://camel.apache.org/schema/spring"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd
          http://camel.apache.org/schema/spring 
http://camel.apache.org/schema/spring/camel-spring.xsd">

<camel:camelContext id="exampleCamelContext"
    xmlns="http://camel.apache.org/schema/spring" trace="true">
    <camel:route id="ApacheCamelClient">
        <camel:from uri="direct:client" />
        <onException>
            <exception>java.lang.Exception</exception>
            <redeliveryPolicy maximumRedeliveries="0" />
            <handled>
                <constant>true</constant>
            </handled>
            <to uri="bean:apacheCamelClient?method=throwRuntimeException" />
        </onException>
        <camel:setHeader headerName="CamelHttpMethod">
            <camel:constant>POST</camel:constant>
        </camel:setHeader>
        <camel:setHeader headerName="Accept-Encoding">
            <camel:constant>gzip</camel:constant>
        </camel:setHeader>
        <camel:setHeader headerName="CamelHttpUri">
            <camel:simple>${header.url}</camel:simple>
        </camel:setHeader>
        <camel:log loggingLevel="DEBUG" message="BODY : ${body}" />
        <camel:to uri="https://www.example.com" />
        <camel:convertBodyTo type="java.lang.String" />
    </camel:route>
</camel:camelContext>

【问题讨论】：

您的 JDK 7 的确切版本号是多少？对于 -D 参数，您至少需要 Java SE 7u95。
我们使用的是 7u79。
嗯，这回答了你的问题，请参阅blogs.oracle.com/java-platform-group/…jdk.tls.client.protocols 上的评论

标签： apache-camel tls1.2