tomcat & java 强制使用tlsv1.2协议

最新推荐文章于 2024-08-05 02:25:05 发布
最新推荐文章于 2024-08-05 02:25:05 发布
阅读量1.5k 收藏
点赞数
文章标签: java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/windavi/article/details/105866408
版权

1 修改代码解决:

# "TLSv1", "TLSv1.1", "TLSv1.2"

static {
    // 初始化线程池
    RequestConfig params = RequestConfig.custom().setConnectTimeout(3000).setConnectionRequestTimeout(1000).setSocketTimeout(4000)
            .setExpectContinueEnabled(true).build();

    SSLContext sslContext = createTLS12();
    // 关闭了主机名验证: (原因:不关闭的情况下请求https需要公网域名,不能直接是ip地址的方式请求)
	//SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);

    //2020年3月23日 22:57 lifeng
    SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(sslContext, new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"}, null, NoopHostnameVerifier.INSTANCE);

    // 设置协议http和https对应的处理socket链接工厂的对象
    Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.INSTANCE)
            .register("https", sslFactory)
            .build();

    PoolingHttpClientConnectionManager pccm = new PoolingHttpClientConnectionManager(registry);
    // 连接池最大并发连接数
    pccm.setMaxTotal(300);
    // 单路由最大并发数
    pccm.setDefaultMaxPerRoute(100);

    HttpRequestRetryHandler retryHandler = new HttpRequestRetryHandler() {
        @Override
        public boolean retryRequest(IOException exception, int executionCount, HttpContext context) {
            // 重试1次,从1开始
            if (executionCount > 1) {
                return false;
            }
            if (exception instanceof NoHttpResponseException) {
                LOGGER.info("[NoHttpResponseException has retry request:" + context.toString() + "][executionCount:" + executionCount + "]");
                return true;
            } else if (exception instanceof SocketException) {
                LOGGER.info("[SocketException has retry request:" + context.toString() + "][executionCount:" + executionCount + "]");
                return true;
            }
            return false;
        }
    };
    httpclient = HttpClients.custom().setConnectionManager(pccm).setDefaultRequestConfig(params).setRetryHandler(retryHandler)
            .build();
}

2 整个类的代码

package cn.richinfo.common.util;
import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;
import org.apache.http.HttpEntity;
import org.apache.http.HttpStatus;
import org.apache.http.NoHttpResponseException;
import org.apache.http.client.HttpRequestRetryHandler;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLInitializationException;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.net.SocketException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Map.Entry;

/**
 * http请求工具类
 */
public class HttpClientUtilSSL {

    private final static Logger LOGGER = LoggerFactory.getLogger(HttpClientUtilSSL.class);

    private final static String UTF8 = "UTF-8";

    public static CloseableHttpClient httpclient = null;


//    /**
//     *  参考 httpclient的 {@link org.apache.http.ssl.SSLContexts}<br/>
//     *
//     * Creates default SSL context based on system properties. This method obtains
//     * default SSL context by calling {@code SSLContext.getInstance("Default")}.
//     * Please note that {@code Default} algorithm is supported as of Java 6.
//     * This method will fall back onto {@link #createDefault()} when
//     * {@code Default} algorithm is not available.
//     *
//     * @return default system SSL context
//     */
//    public static SSLContext createSystemDefault() throws SSLInitializationException {
//        SSLContext context = null;
//        try {
//            context = createDefault();
//        } catch (final Exception ex) {
//            ex.printStackTrace();
//            //return createDefault();
//        }
//        return context;
//    }

    /**
     * 参考 httpclient的 {@link org.apache.http.ssl.SSLContexts}<br/>
     *
     * Creates default factory based on the standard JSSE trust material
     * ({@code cacerts} file in the security properties directory). System properties
     * are not taken into consideration.
     *
     * @return the default SSL socket factory
     */
    public static SSLContext createTLS12() {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            // 创建信任管理器,绕过证书认证:(空实现所有方法)
            X509TrustManager trustManager = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {}

                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {}

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            };
            // 初始化SSLContext:
            sslContext.init(null, new TrustManager[]{trustManager}, null);
            return sslContext;
        }  catch (NoSuchAlgorithmException ex) {
            throw new SSLInitializationException(ex.getMessage(), ex);
        } catch (KeyManagementException ex) {
            throw new SSLInitializationException(ex.getMessage(), ex);
        }
    }


    static {
        // 初始化线程池
        RequestConfig params = RequestConfig.custom().setConnectTimeout(3000).setConnectionRequestTimeout(1000).setSocketTimeout(4000)
                .setExpectContinueEnabled(true).build();

        SSLContext sslContext = createTLS12();
        // 关闭了主机名验证: (原因:不关闭的情况下请求https需要公网域名,不能直接是ip地址的方式请求)
//        SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);

        //2020年3月23日 22:57 lifeng
        SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(sslContext, new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"}, null, NoopHostnameVerifier.INSTANCE);

        // 设置协议http和https对应的处理socket链接工厂的对象
        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.INSTANCE)
                .register("https", sslFactory)
                .build();

        PoolingHttpClientConnectionManager pccm = new PoolingHttpClientConnectionManager(registry);
        // 连接池最大并发连接数
        pccm.setMaxTotal(300);
        // 单路由最大并发数
        pccm.setDefaultMaxPerRoute(100);

        HttpRequestRetryHandler retryHandler = new HttpRequestRetryHandler() {
            @Override
            public boolean retryRequest(IOException exception, int executionCount, HttpContext context) {
                // 重试1次,从1开始
                if (executionCount > 1) {
                    return false;
                }
                if (exception instanceof NoHttpResponseException) {
                    LOGGER.info("[NoHttpResponseException has retry request:" + context.toString() + "][executionCount:" + executionCount + "]");
                    return true;
                } else if (exception instanceof SocketException) {
                    LOGGER.info("[SocketException has retry request:" + context.toString() + "][executionCount:" + executionCount + "]");
                    return true;
                }
                return false;
            }
        };
        httpclient = HttpClients.custom().setConnectionManager(pccm).setDefaultRequestConfig(params).setRetryHandler(retryHandler)
                .build();
    }

    /**
     * 发送POST请求
     *
     * @param urlToRequest             请求地址
     * @param parameters               Form形式参数键值对
     * @param headers                  请求头设置的集合键值对
     * @param connectionRequestTimeout 请求超时
     * @param connectTimeout           连接超时
     * @param socketTimeout            socket超时
     * @return
     * @throws RuntimeException 当请求阻塞,或关闭流异常时
     * @throws IOException 当请求阻塞,或关闭流异常时
     */
    public static String post(String urlToRequest, Map<String, String> parameters, Map<String, String> headers, Integer connectionRequestTimeout,
                              Integer connectTimeout, Integer socketTimeout) {

        Long startTs = System.currentTimeMillis();
        JSONObject json = new JSONObject();

        if (parameters != null && !parameters.isEmpty()) {
            for (Entry<String, String> entry : parameters.entrySet()) {
                json.put(entry.getKey(), String.valueOf(entry.getValue()));
            }
        }
        // LOGGER.info("post-req:url:{},param:{}", urlToRequest, JSONUtil.toJsonStr(parameters));
        HttpPost post = new HttpPost(urlToRequest);

        RequestConfig requestConfig = getRequestConfig(connectionRequestTimeout, connectTimeout, socketTimeout);
        post.setConfig(requestConfig);

        if (headers != null && !headers.isEmpty()) {
            // LOGGER.info("请求头的属性集合 headers: [{}]" + JSONUtil.toJsonStr(headers));
            for (Entry<String, String> entity : headers.entrySet()) {
                post.setHeader(entity.getKey(), entity.getValue());
            }
        }
        post.setEntity(new StringEntity(json.toString(), "UTF-8"));
        CloseableHttpResponse response = null;
        try {
            response = invoke(post);
        } catch (IOException e) {
            // 异常后必须释放链接,否则并发下会一直获取不到链接
            post.releaseConnection();
            LOGGER.error("[HttpClientUtils][invoke][method:" + post.getMethod() + " URI:" + post.getURI() + "] is request exception", e);
        }
        String result = getResponseString(response);
        Long endTs = System.currentTimeMillis();
        Long currentMethodCallTime = endTs - startTs;
        if (currentMethodCallTime > 5000) {
            LOGGER.warn("url:{},call time {} ms", urlToRequest, currentMethodCallTime);
            LOGGER.info("所有存活线程=" + Thread.getAllStackTraces().size());
        }
        LOGGER.info("post-rps:{}", result);
        return result;
    }

    /**
     *  构建请求超时等配置
     * @param connectionRequestTimeout
     * @param connectTimeout
     * @param socketTimeout
     * @return
     */
    private static RequestConfig getRequestConfig(Integer connectionRequestTimeout, Integer connectTimeout, Integer socketTimeout) {
        RequestConfig.Builder builder = RequestConfig.custom();
        if (connectionRequestTimeout != null) {
            builder = builder.setConnectionRequestTimeout(connectionRequestTimeout);
        }
        if (connectTimeout != null) {
            builder = builder.setConnectTimeout(connectTimeout);
        }
        if (socketTimeout != null) {
            builder = builder.setSocketTimeout(socketTimeout);
        }
        return builder.build();
    }

    /**
     * 发送POST请求
     *
     * @param urlToRequest             接口服务地址
     * @param parameters               发送的字符串报文参数
     * @param headers                  请求头设置的集合
     * @param connectionRequestTimeout 请求超时设定值
     * @param connectTimeout           连接超时设定值
     * @param socketTimeout            socket超时设定值
     * @return
     * @throws RuntimeException 当请求阻塞,或关闭流异常时
     * @throws IOException 当请求阻塞,或关闭流异常时
     */
    public static CloseableHttpResponse post(String urlToRequest, String parameters, Map<String, String> headers, Integer connectionRequestTimeout,
                              Integer connectTimeout, Integer socketTimeout) {
        Long startTs = System.currentTimeMillis();

        //LOGGER.info("post-request: 请求地址url: {}, 请求参数param: {}", urlToRequest, parameters);
        HttpPost post = new HttpPost(urlToRequest);
        RequestConfig requestConfig = getRequestConfig(connectionRequestTimeout, connectTimeout, socketTimeout);
        post.setConfig(requestConfig);

        if (headers != null && !headers.isEmpty()) {
            for (Entry<String, String> entity : headers.entrySet()) {
                post.setHeader(entity.getKey(), entity.getValue());
            }
        }
        post.setEntity(new StringEntity(parameters, UTF8));
        CloseableHttpResponse response = null;
        try {
            response = invoke(post);
        } catch (IOException e) {
            // 异常后必须释放链接,否则并发下会一直获取不到链接
            post.releaseConnection();
            LOGGER.error("[HttpClientUtils][invoke][method:" + post.getMethod() + " URI:" + post.getURI() + "] is request exception", e);
        }
        Long endTs = System.currentTimeMillis();
        Long currentMethodCallTime = endTs - startTs;
        if (currentMethodCallTime > 5000) {
            LOGGER.warn("请求地址url: {}, 调用耗时call time: {} ms, 所有存活线程: {}", urlToRequest, currentMethodCallTime, Thread.getAllStackTraces().size());
        }
        return response;
    }

    /**
     * 发送POST请求
     *
     * @param urlToRequest             接口服务地址
     * @param parameters               发送的字符串报文参数
     * @param headers                  请求头设置的集合
     * @param connectionRequestTimeout 请求超时设定值
     * @param connectTimeout           连接超时设定值
     * @param socketTimeout            socket超时设定值
     * @return
     * @throws RuntimeException 当请求阻塞,或关闭流异常时
     * @throws IOException 当请求阻塞,或关闭流异常时
     */
    public static int postGSSync(String urlToRequest, String parameters, Map<String, String> headers, Integer connectionRequestTimeout,
                                 Integer connectTimeout, Integer socketTimeout) {
        Long startTs = System.currentTimeMillis();

        LOGGER.info("post-req:url:[{}],param:[{}]", urlToRequest, JSONUtil.toJsonStr(parameters));
        HttpPost post = new HttpPost(urlToRequest);
        RequestConfig requestConfig = getRequestConfig(connectionRequestTimeout, connectTimeout, socketTimeout);
        post.setConfig(requestConfig);

        if (headers != null && !headers.isEmpty()) {
            for (Entry<String, String> entity : headers.entrySet()) {
                post.setHeader(entity.getKey(), entity.getValue());
            }
        }

        post.setEntity(new StringEntity(parameters, UTF8));
        int result = -1;
        try {
            result = invoke200(post);
        } catch (IOException e) {
            // 异常后必须释放链接,否则并发下会一直获取不到链接
            post.releaseConnection();
            LOGGER.error("[HttpClientUtils][invoke][method:" + post.getMethod() + " URI:" + post.getURI() + "] is request exception", e);
        }
        Long endTs = System.currentTimeMillis();
        Long currentMethodCallTime = endTs - startTs;
        if (currentMethodCallTime > 5000) {
            LOGGER.warn("url:[{}],call time [{}] ms", urlToRequest, currentMethodCallTime);
            LOGGER.info("所有存活线程=" + Thread.getAllStackTraces().size());
        }
        LOGGER.info("post-rps:{}", result);
        return result;
    }

    /**
     * 发送POST请求:小红点推送接口只返回状态码204
     *
     * @param urlToRequest             接口服务地址
     * @param parameters               发送的字符串报文参数
     * @param headers                  请求头设置的集合
     * @param connectionRequestTimeout 请求超时设定值
     * @param connectTimeout           连接超时设定值
     * @param socketTimeout            socket超时设定值
     * @return
     * @throws RuntimeException 当请求阻塞,或关闭流异常时
     * @throws IOException 当请求阻塞,或关闭流异常时
     */
    public static int postRedPointSync(String urlToRequest, String parameters, Map<String, String> headers, Integer connectionRequestTimeout,
                                       Integer connectTimeout, Integer socketTimeout) {
        Long startTs = System.currentTimeMillis();

        LOGGER.info("post-req:url:[{}],param:[{}]", urlToRequest, JSONUtil.toJsonStr(parameters));
        HttpPost post = new HttpPost(urlToRequest);

        RequestConfig requestConfig = getRequestConfig(connectionRequestTimeout, connectTimeout, socketTimeout);
        post.setConfig(requestConfig);

        if (headers != null && !headers.isEmpty()) {
            for (Entry<String, String> entity : headers.entrySet()) {
                post.setHeader(entity.getKey(), entity.getValue());
            }
        }
        post.setEntity(new StringEntity(parameters, UTF8));
        int result = -1;
        try {
            result = invoke204(post);
        } catch (IOException e) {
            // 异常后必须释放链接,否则并发下会一直获取不到链接
            post.releaseConnection();
            LOGGER.error("[HttpClientUtils][invoke][method:" + post.getMethod() + " URI:" + post.getURI() + "] is request exception", e);
        }
        Long endTs = System.currentTimeMillis();
        Long currentMethodCallTime = endTs - startTs;
        if (currentMethodCallTime > 5000) {
            LOGGER.warn("url:[{}],call time [{}] ms", urlToRequest, currentMethodCallTime);
            LOGGER.info("所有存活线程数:[{}]", Thread.getAllStackTraces().size());
        }
        LOGGER.info("post-rps:[{}]", result);
        return result;
    }

    /**
     * 发送 POST 请求
     *
     * @param urlToRequest             请求地址
     * @param parameters               请求 Byte Array 报文参数
     * @param headers                  设置请求头集合参数
     * @param connectionRequestTimeout 请求超时
     * @param connectTimeout           连接超时
     * @param socketTimeout            socket超时
     * @return
     * @throws RuntimeException 当请求阻塞,或关闭流异常时
     * @throws IOException 当请求阻塞,或关闭流异常时
     */
    public static String post(String urlToRequest, byte[] parameters, Map<String, String> headers, Integer connectionRequestTimeout,
                              Integer connectTimeout, Integer socketTimeout) {
        Long startTs = System.currentTimeMillis();

        LOGGER.info("post-req:url:[{}], param:[{}]", urlToRequest, JSONUtil.toJsonStr(parameters));
        HttpPost post = new HttpPost(urlToRequest);
        RequestConfig requestConfig = getRequestConfig(connectionRequestTimeout, connectTimeout, socketTimeout);
        post.setConfig(requestConfig);

        if (headers != null && !headers.isEmpty()) {
            for (Entry<String, String> entity : headers.entrySet()) {
                post.setHeader(entity.getKey(), entity.getValue());
            }
        }

        post.setEntity(new ByteArrayEntity(parameters));
        CloseableHttpResponse response = null;
        try {
            response = invoke(post);
        } catch (IOException e) {
            // 异常后必须释放链接,否则并发下会一直获取不到链接
            post.releaseConnection();
            LOGGER.error("[HttpClientUtils][invoke][method:" + post.getMethod() + " URI:" + post.getURI() + "] is request exception", e);
        }
        String result = getResponseString(response);
        Long endTs = System.currentTimeMillis();
        Long currentMethodCallTime = endTs - startTs;
        if (currentMethodCallTime > 5000) {
            LOGGER.warn("url:[{}],call time [{}] ms", urlToRequest, currentMethodCallTime);
            LOGGER.info("所有存活线程数: [{}]", Thread.getAllStackTraces().size());
        }
        LOGGER.info("post-rps:[{}]", result);
        return result;
    }

    /**
     * 发送 GET 请求
     *
     * @param urlToRequest 请求地址
     * @param headers      请求头设置参数集合
     * @return
     * @throws RuntimeException 当请求阻塞,或关闭流异常时
     * @throws IOException 当请求阻塞,或关闭流异常时
     */
    public static String get(String urlToRequest, Map<String, String> headers) {
        Long startTs = System.currentTimeMillis();

        HttpGet httpGet = new HttpGet(urlToRequest);
        if (headers != null && !headers.isEmpty()) {
            for (Entry<String, String> entity : headers.entrySet()) {
                httpGet.setHeader(entity.getKey(), entity.getValue());
            }
        }
        CloseableHttpResponse response = null;
        try {
            response = invoke(httpGet);
        } catch (IOException e) {
            // 异常后必须释放链接,否则并发下会一直获取不到链接
            httpGet.releaseConnection();
            LOGGER.error("[HttpClientUtils][invoke][method:" + httpGet.getMethod() + " URI:" + httpGet.getURI() + "] is request exception", e);
        }
        String result = getResponseString(response);
        Long endTs = System.currentTimeMillis();
        Long currentMethodCallTime = endTs - startTs;
        if (currentMethodCallTime > 5000) {
            LOGGER.warn("url:[{}],call time [{}] ms", urlToRequest, currentMethodCallTime);
            LOGGER.info("所有存活线程数:[{}]" + Thread.getAllStackTraces().size());
        }
        LOGGER.info("get-rps:[{}]", result);
        return result;
    }

    /**
     * 执行请求
     *
     * @param request
     * @return
     */
    private static CloseableHttpResponse invoke(HttpUriRequest request) throws IOException {
        CloseableHttpResponse response = null;
        System.setProperty("javax.net.debug", "ssl,handshake");   //查看SSL握手流程日志
        response = httpclient.execute(request);
        return response;
    }

    /**
     *  获取响应字符串
     * @param response
     * @return
     * @throws IOException
     */
    public static String getResponseString(CloseableHttpResponse response) {
        String res = null;
        if (response != null && response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
            HttpEntity entity = response.getEntity();
            try {
                if (entity != null) {
                    res = EntityUtils.toString(entity, UTF8);
                }
                // 确保响应已经被消费,以释放连接
                EntityUtils.consume(response.getEntity());
            } catch (IOException e) {
                throw new RuntimeException("httpclient获取响应字符串异常", e);
            } finally {
                if (response != null) {
                    try {
                        response.close();
                    } catch (IOException e) {
                        LOGGER.error("[HttpClientUtils][method:getResponseString] is closed exception", e);
                        e.printStackTrace();
                    }
                }
            }
        }
        return res;
    }


    /**
     * 执行请求
     *
     * @param request
     * @return
     */
    private static int invoke200(HttpUriRequest request) throws IOException {
        CloseableHttpResponse response = null;
        int isOk = -1;
        try {
            response = httpclient.execute(request);
            if (response != null && (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK)) {
                isOk = HttpStatus.SC_OK;
            }
            // 确保响应已经被消费,以释放连接
            EntityUtils.consume(response.getEntity());
        } finally {
            if (response != null) {
                try {
                    response.close();
                } catch (IOException e) {
                    LOGGER.error("[HttpClientUtils][invoke][method:" + request.getMethod() + " URI:" + request.getURI() + "] is closed exception", e);
                }
            }
        }
        return isOk;
    }

    /**
     * 执行请求
     *
     * @param request
     * @return
     */
    private static int invoke204(HttpUriRequest request) throws IOException {
        CloseableHttpResponse response = null;
        int isOK = -1;
        try {
            response = httpclient.execute(request);
            if (response != null && (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK)) {
                 isOK = HttpStatus.SC_OK;
            } else {
                isOK = response.getStatusLine().getStatusCode();
            }
            // 确保响应已经被消费,以释放连接
            EntityUtils.consume(response.getEntity());
        }  finally {
            if (response != null) {
                try {
                    response.close();
                } catch (IOException e) {
                    LOGGER.error("[HttpClientUtils][invoke][method:" + request.getMethod() + " URI:" + request.getURI() + "] is closed exception", e);
                }
            }
        }
        return isOK;
    }
}
lf266run
关注
java tls1.2_如何在Java设置TLS1.2版本
weixin_33836042的博客
02-15 6010
环境细节:java version "1.7.0_40"Java(TM) SE Runtime Environment (build 1.7.0_40-b43)Java HotSpot(TM) 64-Bit Server VM (build 24.0-b56, mixed mode).我们正在使用jboss-4.2.3.GA和使用ejb的胖客户端.我们尝试通过以下方式设置TLS1.2版本:>...
如何强制java服务器只接受tls 1.2并拒绝tls 1.0和tls 1.1连接
03-09 3937
如何强制java服务器只接受tls 1.2并拒绝tls 1.0和tls 1.1连接 javaweb项目使用tomcat作为运行服务器,使用默认传输协议进行传输,结果被安全软件扫描出漏洞,建议禁止tls1.0和tls1.1传输协议,总结方法如下,亲测有效 1.在服务器上的文件jre/lib/security/java.security设置: jdk.tls.disabledAlgorithms=SSLv2Hello, SSLv3, TLSv1, TLSv1.1 2.若使用nginx代理服务器,则在ngin
Python 3.6.10 的 requests 库 TLS 1.2 强制使用问题及解决方案
D0126_的博客
11-16 938
在Python 3.6.10,requests库强制使用TLS 1.2协议的问题可以通过升级Python版本、使用支持TLS 1.3的替代库或通过强制配置requests库来解决。这些版本的Python自带的ssl模块支持TLS 1.3协议,因此不再需要额外的配置。需要注意的是,尽管上述方法可以解决TLS版本的问题,但升级Python版本可能会影响其他依赖库的兼容性。因此,在升级Python版本之前,建议先确保所有的依赖库都已更新到与新版本Python兼容的版本,以确保整体应用程序的稳定性。
如何配置TLSv1.2版本的ssl
最新发布
weixin_41174342的博客
08-05 95
1、tomcat配置TLSv1.2版本的ssl如下图所示,打开tomcat\conf\server.xml文件,进行如下配置: 注意:需要将申请的tomcat版本的ssl认证文件,如server.jks存放到tomcat\conf\ssl_file\目录下。 <Connector port="10086" prot...
https站点强制通信协议TLSv1.2
热门推荐
Fred Lee的程序人生
07-03 7万+
TLSv1.2协议支持具体要分三部分内容。 <一>服务器对TLSv1.2的支持。 <二>客户端设置对TLSv1.2的支持 <三>客户端默认通过TLSv1.2访问设置。 本文对上述三方面内容进行了解读。
TLSv1.2 协议
m0_59802969的博客
09-13 490
TLSv1.2
配置Tomcat只支持TLS1.2版本
weixin_40461030的博客
01-10 9123
目录 一、找到Tomcat配置文件 二、修改配置文件 三、重启Tomcat 一、找到Tomcat配置文件 %TOMCAT%/conf/server.xml 二、修改配置文件 原配置: <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" S...
java8+tomcate8仅支持TLSv1.2
weixin_30387423的博客
08-09 1749
1、编辑$tomcat_home/conf/server.xml <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="...
为通过 ATS 检测 Tomcat 完全 TLS v1.2、完全正向加密及其结果检验
Defonds 的专栏
01-12 1万+
2017 年起 app store 要求 app 对接的服务器支持 TLS v1.2,否则 ats 检测不予通过。有点强制TLS v1.2 的意味。本文介绍如何使 tomcat 强制执行 TLS v1.2、完全正向加密。本文示例 tomcat 版本 7.0.68,jdk 版本 1.7.0。笔者强烈推荐在 DNS 解析层或反向代理服务层做这件事情,不建议放在 tomcat 这一层做。如果你非要在
配置tomcat支持ssl
mixturer的博客
01-16 9153
windows下: 1.获取证书和配置tomcat java-jdk提供一个简单的制作证书的工具,你可以用它来产生一个证书做测试用: 1.先来到你的jdk/bin下 2.执行 keytool -genkey -alias tomcat -keyalg RSA -keystore F:\tomcat.keystore -validity 36500 其F:\tomcat.keystor
查看Java 版本tls_如何在Java设置TLS1.2版本
weixin_34213766的博客
02-24 3977
环境细节:java version "1.7.0_40"Java(TM) SE Runtime Environment (build 1.7.0_40-b43)Java HotSpot(TM) 64-Bit Server VM (build 24.0-b56, mixed mode).我们正在使用jboss-4.2.3.GA和使用ejb的胖客户端.我们尝试通过以下方式设置TLS1.2版本:>...
Tomcat7.0.57 配置https,并支持TLSv1.2,且通过苹果ATS 安全认证
chipiao2039的博客
12-14 829
1、 参考:https://help.aliyun.com/knowledge_detail/48151.html http://m.blog.csdn.net/article/details?id=50527406 阿里云证书安装: 开始配置...
java 建立tlsv1.2报错_java8+tomcate8仅支持TLSv1.2
weixin_28717939的博客
02-24 516
D:\OpenSSL-Win64\bin>openssl s_client -connect 192.168.163.131:8443 -tls1_2CONNECTED(000000D8)depth=0 C = cn, ST = \E5\8C\97\E4\BA\AC, L = \E5\8C\97\E4\BA\AC, O = \E9\93\B6\E7verify error:num=18:se...
java 建立tlsv1.2报错_httpd由于SSLProtocol而无法启动:非法协议'TLSv1.1'错误
weixin_42131276的博客
02-24 1119
我有一个MediaTemple订阅计划,服务器自动升级/更新 . 当我今天早上醒来时,我发现服务器上的网站和电子邮件根本不起作用 .我登录到Plesk(MediaTemple DV服务器的管理面板),发现一条错误消息:“由于配置模板的错误,未创建Apache Web服务器的新配置文件:/ etc / httpd第230行的语法错误/conf.d/ssl.conf:SSLProtocol:非法协议...
java 6 tls1.2_解决 JDK1.7 不支持 VCenter 6.7 的问题(涉及到Https TLS1.2协议
weixin_29759387的博客
02-25 345
解决 JDK1.7 不支持 VCenter 6.7 的问题问题描述原项目工程是使用JDK 1.7,可以连接 5.X版本和 6.0版本的 VCenter资源池。但是,现在VCenter已经升到 6.7版本,原程序对于高版本的 VCenter 6.7 不再试用。连接VCenter 6.7版本的资源池的时候,一直报 SSLHandshakeException的异常错误。报错信息如下:问题处理1、背景介...
JDK1.7下载https文件报错 Received fatal alert: protocol_version 设置VM参数 -Dhttps.protocols=TLSv1.2
tanzongbiao的专栏
10-14 839
设置VM参数参考:
关于JavaMail 发送邮件指定TLSv1.2失效问题
qq_38993142的博客
02-28 520
之前怀疑过jar包问题,但是替换jar包时,失误没替换成功,把正确答案排除掉了,导致绕了一大圈。这几天公司对接的邮箱服务器升级了,只支持TLS1.2,导致公司邮箱对接失效。但是代码写的支持TLSv1.2。排查了一天,过程比较曲折,
java tsl_如何在Java 6使用TLS 1.2
weixin_39704066的博客
02-12 630
此处是TLSConnection工厂:package test.connection;import java.io.ByteArrayInputStream;import java.io.ByteArrayOutputStream;import java.io.DataOutputStream;import java.io.IOException;import java.io.InputStrea...
TLSv1.2)协议
qq_32076957的博客
03-02 1万+
TLS
javax.mail 与 JavaMailSender 使用指定版本TLSv1.2协议发送邮件
06-07
您好,对于使用 JavaMailSender 发送邮件时指定使用 TLSv1.2 协议,您可以进行如下配置: ```java // 创建 JavaMailSender 实例 JavaMailSenderImpl mailSender = new JavaMailSenderImpl(); mailSender.setHost("smtp.example.com"); mailSender.setUsername("your_username"); mailSender.setPassword("your_password"); mailSender.setDefaultEncoding("UTF-8"); // 创建邮件传输协议对象 Properties props = new Properties(); props.put("mail.smtp.auth", "true"); props.put("mail.smtp.starttls.enable", "true"); props.put("mail.smtp.starttls.required", "true"); props.put("mail.smtp.ssl.protocols", "TLSv1.2"); mailSender.setJavaMailProperties(props); ``` 在上述代码,我们通过设置 `mail.smtp.ssl.protocols` 属性为 `TLSv1.2`,来强制使用 TLSv1.2 协议进行邮件传输。 希望对您有帮助。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值