解决jdk1.7 不支持TLS1.2的问题

最新推荐文章于 2022-09-09 14:55:35 发布
最新推荐文章于 2022-09-09 14:55:35 发布
阅读量2.7k 收藏 2
点赞数 4
分类专栏: http 文章标签: java servlet 开发语言
原文链接:https://www.pianshen.com/article/6328122886/
版权

场景

java程序使用https方式调用nessus接口时,使用jdk1.7返回如下内容:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
使用jdk1.8返回正常

{“token”:“f360654233f65d964ed220914ec10916fe206a3d1b1c1b41”}
使用浏览器访问正常,debug发现发现:

协议版本:TLSv1.2
密码组合:TLS_RSA_WITH_AES_128_CBC_SHA

百度后发现
在这里插入图片描述
原因很明显 因为jdk1.7默认支持的TLS是V1 ,jdk1.8默认支持的是v1.2

解决方案使用第三方的Bouncy Castle 代码如下:

建立一个TLSSocketConnectionFactory

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;
 
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.X509Certificate;
 
import org.bouncycastle.crypto.tls.*;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
/**
 * Created by hzlizhou on 2016/9/9.
 */
public class TLSSocketConnectionFactory extends SSLSocketFactory {
 
    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
 
    @Override
    public Socket createSocket(Socket socket, final String host, int port,
                               boolean arg3) throws IOException {
        if (socket == null) {
            socket = new Socket();
        }
        if (!socket.isConnected()) {
            socket.connect(new InetSocketAddress(host, port));
        }
 
        final TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new SecureRandom());
 
        return _createSSLSocket(host, tlsClientProtocol);
    }
 
    @Override
    public String[] getDefaultCipherSuites() {
        return null;
    }
 
    @Override
    public String[] getSupportedCipherSuites() {
        return null;
    }
 
    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        throw new UnsupportedOperationException();
    }
 
    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        throw new UnsupportedOperationException();
    }
 
    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
        return null;
    }
 
    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        throw new UnsupportedOperationException();
    }
 
    private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
        return new SSLSocket() {
            private java.security.cert.Certificate[] peertCerts;
 
            @Override
            public InputStream getInputStream() throws IOException {
                return tlsClientProtocol.getInputStream();
            }
 
            @Override
            public OutputStream getOutputStream() throws IOException {
                return tlsClientProtocol.getOutputStream();
            }
 
            @Override
            public synchronized void close() throws IOException {
                tlsClientProtocol.close();
            }
 
            @Override
            public void addHandshakeCompletedListener(HandshakeCompletedListener arg0) {
            }
 
            @Override
            public boolean getEnableSessionCreation() {
                return false;
            }
 
            @Override
            public String[] getEnabledCipherSuites() {
                return null;
            }
 
            @Override
            public String[] getEnabledProtocols() {
                return null;
            }
 
            @Override
            public boolean getNeedClientAuth() {
                return false;
            }
 
            @Override
            public SSLSession getSession() {
                return new SSLSession() {
 
                    @Override
                    public int getApplicationBufferSize() {
                        return 0;
                    }
 
                    @Override
                    public String getCipherSuite() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public long getCreationTime() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public byte[] getId() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public long getLastAccessedTime() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public java.security.cert.Certificate[] getLocalCertificates() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public Principal getLocalPrincipal() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public int getPacketBufferSize() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
                        return null;
                    }
 
                    @Override
                    public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
                        return peertCerts;
                    }
 
                    @Override
                    public String getPeerHost() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public int getPeerPort() {
                        return 0;
                    }
 
                    @Override
                    public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
                        return null;
                    }
 
                    @Override
                    public String getProtocol() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public SSLSessionContext getSessionContext() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public Object getValue(String arg0) {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public String[] getValueNames() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public void invalidate() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public boolean isValid() {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public void putValue(String arg0, Object arg1) {
                        throw new UnsupportedOperationException();
                    }
 
                    @Override
                    public void removeValue(String arg0) {
                        throw new UnsupportedOperationException();
                    }
                };
            }
 
            @Override
            public String[] getSupportedProtocols() {
                return null;
            }
 
            @Override
            public boolean getUseClientMode() {
                return false;
            }
 
            @Override
            public boolean getWantClientAuth() {
                return false;
            }
 
            @Override
            public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) {
            }
 
            @Override
            public void setEnableSessionCreation(boolean arg0) {
            }
 
            @Override
            public void setEnabledCipherSuites(String[] arg0) {
            }
 
            @Override
            public void setEnabledProtocols(String[] arg0) {
            }
 
            @Override
            public void setNeedClientAuth(boolean arg0) {
            }
 
            @Override
            public void setUseClientMode(boolean arg0) {
            }
 
            @Override
            public void setWantClientAuth(boolean arg0) {
            }
 
            @Override
            public String[] getSupportedCipherSuites() {
                return null;
            }
 
            @Override
            public void startHandshake() throws IOException {
                tlsClientProtocol.connect(new DefaultTlsClient() {
 
                    @SuppressWarnings("unchecked")
                    @Override
                    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
                        Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
                        if (clientExtensions == null) {
                            clientExtensions = new Hashtable<Integer, byte[]>();
                        }
 
                        //Add host_name
                        byte[] host_name = host.getBytes();
 
                        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
                        final DataOutputStream dos = new DataOutputStream(baos);
                        dos.writeShort(host_name.length + 3);
                        dos.writeByte(0);
                        dos.writeShort(host_name.length);
                        dos.write(host_name);
                        dos.close();
                        clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
                        return clientExtensions;
                    }
 
                    @Override
                    public TlsAuthentication getAuthentication() throws IOException {
                        return new TlsAuthentication() {
                        	@Override
                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
                                try {
                                    KeyStore ks = _loadKeyStore();
 
                                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
                                    List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
                                    boolean trustedCertificate = false;
                                    for (org.bouncycastle.asn1.x509.Certificate c : ((org.bouncycastle.crypto.tls.Certificate) serverCertificate).getCertificateList()) {
                                        java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
                                        certs.add(cert);
 
                                        String alias = ks.getCertificateAlias(cert);
                                        if (alias != null) {
                                            if (cert instanceof java.security.cert.X509Certificate) {
                                                try {
                                                    ((java.security.cert.X509Certificate) cert).checkValidity();
                                                    trustedCertificate = true;
                                                } catch (CertificateExpiredException cee) {
                                                    // Accept all the certs!
                                                }
                                            }
                                        } else {
                                            // Accept all the certs!
                                        }
 
                                    }
                                    if (!trustedCertificate) {
                                        // Accept all the certs!
                                    }
                                    peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
                                } catch (Exception ex) {
                                    ex.printStackTrace();
                                    throw new IOException(ex);
                                }
                            }
 
                            @Override
                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                                return null;
                            }
 
                            private KeyStore _loadKeyStore() throws Exception {
                                FileInputStream trustStoreFis = null;
                                try {
                                    KeyStore localKeyStore = null;
 
                                    String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType") != null ? System.getProperty("javax.net.ssl.trustStoreType") : KeyStore.getDefaultType();
                                    String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider") != null ? System.getProperty("javax.net.ssl.trustStoreProvider") : "";
 
                                    if (trustStoreType.length() != 0) {
                                        if (trustStoreProvider.length() == 0) {
                                            localKeyStore = KeyStore.getInstance(trustStoreType);
                                        } else {
                                            localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
                                        }
 
                                        char[] keyStorePass = null;
                                        String str5 = System.getProperty("javax.net.ssl.trustStorePassword") != null ? System.getProperty("javax.net.ssl.trustStorePassword") : "";
 
                                        if (str5.length() != 0) {
                                            keyStorePass = str5.toCharArray();
                                        }
 
                                        localKeyStore.load(trustStoreFis, keyStorePass);
 
                                        if (keyStorePass != null) {
                                            for (int i = 0; i < keyStorePass.length; i++) {
                                                keyStorePass[i] = 0;
                                            }
                                        }
                                    }
                                    return localKeyStore;
                                } finally {
                                    if (trustStoreFis != null) {
                                        trustStoreFis.close();
                                    }
                                }
                            }
 
                        };
                    }
 
                });
            } // startHandshake
        };
    }
}

发送一个map格式的post请求

import javax.net.ssl.HttpsURLConnection;
 
import com.alibaba.fastjson.JSON;
 
 
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
 
 
public class HttpsUrlConnectionForTLS {
 
    public HttpURLConnection createConnection(URI uri) throws IOException {
        URL url = uri.toURL();
        URLConnection connection = url.openConnection();
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) connection;
        httpsURLConnection.setSSLSocketFactory(new TLSSocketConnectionFactory());
        return httpsURLConnection;
    }
    
    public static void main(String[] args) {
    	HttpsUrlConnectionForTLS httpsUrlConnectionMessageSender = new HttpsUrlConnectionForTLS();
    	String loginUrl = "https://192.168.186.73/session";
		String data = "username=xiaomi&password=Ultrasafe_123";
    	HttpURLConnection connection;
		try {
			connection = httpsUrlConnectionMessageSender.createConnection(new URI(loginUrl ));
			connection.setDoOutput(true);
	    	connection.setDoInput(true);
	    	connection.setRequestMethod("POST");
	    	connection.setUseCaches(false);
	    	connection.setInstanceFollowRedirects(true);
	    	connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
 
	    	connection.connect();
	    	//POST请求
			OutputStreamWriter os = null;
			String json="";
	    	os = new OutputStreamWriter(connection.getOutputStream());
			os.write(data);
			os.flush();
			json=getResponse(connection);
			System.out.println(json);
 
 
			 if (connection != null) {
	    	        connection.disconnect();
	    	    }
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (URISyntaxException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}
    
    public static String getResponse(HttpURLConnection Conn) throws IOException {
 
 
        InputStream is;
        if (Conn.getResponseCode() >= 400) {
            is = Conn.getErrorStream();
        } else {
            is = Conn.getInputStream();
        }
 
 
        String response = "";
        byte buff[] = new byte[512];
        int b = 0;
        while ((b = is.read(buff, 0, buff.length)) != -1) {
            response += new String(buff, 0, b);
 
        }
        is.close();
 
        System.out.println(response);
        return response;
    }
}

参考连接 : https://www.pianshen.com/article/6328122886/
https://www.pudn.com/news/628f8369bf399b7f351e8c5a.html

奋斗成就男人
关注
  • 4
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
JDK1.7支持Https TLS1.2协议
u011519508的专栏
06-04 9914
1前言     jdk1.7 支持协议 :SSLv2Hello 、SSLv3、TLSv1TLSv1.1、TLSv1.2五种协议,但是默认协议是:TLSv1,因为https 请求是双向认证的也就是jdk支持协议最低是TLSv1以上的版本,所有jdk1.7不能访问https请求。2解决思路  新建类 TrustAnyHostnameVerifier  implements HostnameVeri...
JDK版本特性
最新发布
qq_37191071的博客
06-19 1304
LTS 版本更加注重稳定性,安全性,性能改进,默认支持是 8 年,其中 JDK 8 延长至 2030 年(16年),延长支持期间不再提供新的功能。主要:通过var关键字实现局部变量类型推断,使Java语言变成弱类型语言、JVM的G1垃圾回收由单线程改成多线程并行处理,降低G1的停顿时间。JDK18中提供了一个新命令jwebserver, 运行这个命令可以启动一个简单的,最小化的静态web服务器,默认发布的是当前目录。作为一个实验性的垃圾回收器,Epsilon GC 旨在为某些特定的应用场景提供更好的性能。
JDK1.7支持TLS1.2协议解决方案
qaz445325762的博客
05-21 1万+
近期,项目中需要调用的第三方API接口升级,http调用要使用TLS1.2协议。但是项目使用的是JDK1.7,默认支持TLSV1jdk1.8默认支持的是v1.2。升级JDK影响比较大,所以不做升级处理。 查询了很多网上资料,有改服务器配置的,也有修改Java请求http代码的。此次是选择修改Java代码 以下是解决方案: 直接在调用接口修改java代码,在创建socket连接时指定调...
jdk1.7支持TLS设置及URLConnection的使用
04-02 3012
今天写图片下载功能代码,主要功能是将服务器上的图片下载保存,在访问服务器端时,由于是使用的HttpsConnection,结果在conn=url.openconnection()后,用conn.getInputStream()时,出现了异常 握手失败?一看应该是网络连接问题,上百度查了一下,发现资源还是很多的,主要原因,JDK1.7JDK1.8的SSL协议兼容问题,我本机是1.7,服务器是...
JDK1.7支持Https TLS1.2协议 1.8及以上支持
run_2005的博客
07-14 4400
1:前言 jdk1.7支持协议:SSLv2Hello 、SSLv3、TLSv1TLSv1.1、TLSv1.2五种协议,但是默认协议是:TLSv1,因为https 请求是双向认证的也就是jdk支持协议最低是TLSv1以上的版本,所有jdk1.7不能访问https请求。 jdk1.7访问https出现握手失败的情况,原因是jdk1.7默认TLS1.1,目标服务器jdk1.8使用TLS1.2 2:解决方式 新建立类: import javax.ne...
解决jdk1.7默认https 请求是TLS1不支持TLS1.2问题
热门推荐
sunzbking的博客
06-12 2万+
1,You could just add the following property -Dhttps.protocols=TLSv1.1,TLSv1.2 which configures the JVM to specify which TLS protocol version should be used during https connections.2,参考 点击打开链接...
解决jdk1.7支持TSL1.2的问题(续)
02-16 3336
解决jdk1.7支持TLS1.2问题    续   windows环境打开jdk安装目录:jdk1.7.0_80\jre\bin,找到javacpl.exe  双击打开,高级选项卡,拉到最下方勾选TLS1.1 TLS1.2 ,如图     代码做微调: TLS 改为TLSv1.2    private static HttpClient httpClient...
java jdk 1.7官网免安装版本
10-25
5. **JDK 1.7的版本号**:`jdk1.7.0_80`中的`80`代表该版本的更新号,表示这是JDK 7的第80次更新,通常会修复已知问题,增强性能和稳定性。 6. **下载与更新**:虽然Java JDK 1.7是旧版本,但有时出于兼容性考虑仍...
jdk1.7安装包下载
03-28
1. **动态类型**:JDK1.7引入了` invokedynamic `指令,这是一种新的字节码操作,主要用于支持动态语言的实现。它提高了脚本语言Java平台上的性能,并为Java引入了函数式编程的一些概念。 2. **字符串连接优化**...
http/https请求工具类
12-27
// 提交方式 public static String REQUEST_METHOD_POST = "POST"; public static String REQUEST_METHOD_GET = "GET"; // 媒体类型 public static String MIME_TYPE_FORM = "application/x-www-form-urlencoded;charset=utf-8"; public static String MIME_TYPE_XML = "application/xml;charset=utf-8"; public static String MIME_TYPE_JSON = "application/json;charset=utf-8"; public static String MIME_TYPE_TEXTHTML = "text/html;charset=utf-8"; public static String MIME_TYPE_TEXTXML = "text/xml;charset=utf-8"; public static String MIME_TYPE_TEXTPLAIN = "text/plain;charset=utf-8";
jdk1.7版本免安装
07-26
2. **开关语句(Switch on String)**:在JDK 1.7之前,switch语句仅支持枚举和整型,但在这个版本中,字符串也被添加到支持的类型中。 3. **多catch块**:允许在一个catch子句中捕获多种异常类型,减少了冗余代码...
JDK 1.7压缩包.zip
05-28
1. **多语言支持**:JDK 1.7引入了对JavaScript、Python等其他语言的实验性支持,使得Java平台能够更好地与其他语言集成。 2. **类型推断**:Java 7的泛型引入了类型推断,使得编写代码更加简洁,如使用`Diamond...
如何在java7中启用TLSv1.2
qq_37917691的博客
01-04 3260
jdk1.7环境下使用HTTPclient爬虫一个https网站的时候,出现如下错误:
jdk1.7环境下axis修改使用TLSv1.2
a124550785的博客
12-02 1118
AxisProperties.setProperty("axis.socketSecureFactory", MyTLSSocketSecureFactory.class.getName()); public class MyTLSSocketSecureFactory extends JSSESocketFactory { public MyTLSSocketSecureFactory(Hashtable attributes) { super(attributes); .
jdk1.7客户端使用httpclient调用jdk1.8服务端的https接口
jack03934的博客
09-09 998
SSLContext、https、TLSv1.2、jdk1.7
JDK7发送https请求时使用TLSv1.2
bang2tang2的博客
08-21 4904
项目场景:java发送https请求时使用TLSv1.2提示:这里简述项目相关背景: 例如:项目场景:示例:通过蓝牙芯片(HC-05)与手机 APP 通信,每隔 5s 传输一批传感器数据(不是很大) 问题描述:使用JDK1.7,发送https请求报错: javax.net.ssl.SSLException: Received fatal alert: protocol_version 或者 javax.net.ssl.SSLException: Received fatal alert: int
解决jdk1.7升级1.8
11-10
要将JDK 1.7升级到JDK 1.8,可以按照以下步骤进行操作: 1.下载JDK 1.8安装包并解压缩。 2.将JDK 1.8的bin目录添加到系统环境变量中。 3.在命令行中输入java -version,检查JDK版本是否已更新为1.8。 如果您使用的是CentOS 7操作系统,可以按照以下步骤安装JDK 1.8: 1.使用以下命令安装OpenJDK 1.8:sudo yum install java-1.8.0-openjdk-devel 2.检查JDK版本是否已更新为1.8:java -version --相关问题--: 1. 如何在Windows系统中升级JDK版本? 2. 如何在Linux系统中卸载JDK? 3. JDK 1.

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值