方案一
解决办法(仅适用于web服务器为tomcat的情况,其他web服务器根据原理自行配置)
修改Tomcat服务器conf/server.xml文件中与HTTPS相关的Connector节点,添加ciphers属性,用于指定服务器允许使用的加密套件:
<!-- Add the ciphers attribute shown below to the existing HTTPS Connector; every "......" is a
     placeholder for the value already present in your own server.xml. This note sits outside
     the start tag because XML does not allow a comment between attributes.
     NOTE(review): every suite in this list uses static RSA key exchange (no forward secrecy)
     with CBC mode, and the last entry is 3DES. Treat the list as a compatibility workaround:
     where the clients support them, prefer ECDHE suites with AES-GCM and drop the 3DES entry. -->
<Connector
SSLEnabled="......"
clientAuth="......"
connectionTimeout="......"
keystoreFile="......"
keystorePass="......"
maxThreads="......"
port="......"
protocol="......"
redirectPort="......"
scheme="......"
secure="......"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA"
sslProtocol="......"
truststoreFile="......"
truststorePass="......"
/>
原理参考:http://blog.csdn.net/duanbokan/article/details/50911148
方案二
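/**
 * Socket factory whose sockets are created by a private {@link SSLContext} that accepts every
 * certificate chain.
 *
 * <p><b>Security:</b> the trust manager installed by the constructor performs no checks at all,
 * so the peer's certificate is never validated and the TLS session gives no assurance about the
 * identity of the server. Restrict this class to test environments. For production, load the
 * server's CA (or the server certificate itself) into a trust store and initialise the context
 * with the trust managers of a {@code TrustManagerFactory} built from that store.
 *
 * <p>The {@code truststore} constructor argument is only forwarded to the superclass; the
 * sockets returned by the overridden {@code createSocket} methods come from
 * {@link #sslContext} and do not consult it.
 */
public class EasySSLSocketFactory extends SSLSocketFactory {

    /** Context used for every socket this factory hands out; initialised in the constructor. */
    final SSLContext sslContext = SSLContext.getInstance("TLS");

    /**
     * Creates the factory and initialises {@link #sslContext} with a trust manager that accepts
     * any client or server certificate chain.
     *
     * @param truststore trust store passed to the superclass constructor
     * @throws NoSuchAlgorithmException if the "TLS" context is unavailable
     * @throws KeyManagementException if the context cannot be initialised
     * @throws KeyStoreException declared by the superclass constructor
     * @throws UnrecoverableKeyException declared by the superclass constructor
     */
    @SuppressWarnings("WeakerAccess")
    public EasySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        super(truststore);
        // SECURITY: both check methods are intentionally empty, which means "trust everything".
        // Certificate validation is disabled for every connection made through this factory.
        TrustManager acceptAll = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // no validation performed
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // no validation performed
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null (possibly empty) array;
                // returning null can trigger a NullPointerException in callers that iterate it.
                return new X509Certificate[0];
            }
        };
        // No key managers and the default SecureRandom; only the trust manager is customised.
        sslContext.init(null, new TrustManager[]{acceptAll}, null);
    }

    /**
     * Layers a TLS socket from {@link #sslContext} over an existing connected socket.
     *
     * @param socket the existing socket
     * @param host the server host
     * @param port the server port
     * @param autoClose whether closing the returned socket also closes {@code socket}
     * @return the layered socket
     * @throws IOException if the socket cannot be created
     */
    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
    }

    /**
     * Creates an unconnected socket from {@link #sslContext}.
     *
     * @return the new socket
     * @throws IOException if the socket cannot be created
     */
    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}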
/**
 * Builds an {@link EasySSLSocketFactory} from an empty key store and switches off host name
 * verification on it.
 *
 * <p><b>Security:</b> the returned factory accepts any host name, and the factory class itself
 * accepts any certificate, so connections made through it are encrypted but not authenticated.
 * Use it only against test servers. In production, keep the default host name verifier and
 * supply a trust store that contains the server's CA.
 *
 * @return the configured factory, or {@code null} if any step throws (the exception is only
 *     printed to standard error, so callers must handle {@code null})
 */
private EasySSLSocketFactory getSSLSocketFactory() {
    final EasySSLSocketFactory factory;
    try {
        // Key store of the platform default type, loaded with no stream and no password,
        // which leaves it empty.
        final KeyStore emptyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        emptyStore.load(null, null);

        factory = new EasySSLSocketFactory(emptyStore);

        // SECURITY: disables the check that the certificate matches the host being contacted.
        factory.setHostnameVerifier(EasySSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
    return factory;
}