根據以下代碼,我該如何將協議設置爲TLSv1.2,TLSv1,SSLv3?使用CXF皁,設置SSL和TLS協議版本
使用SOAPUI,我可以使用下面的配置來請求服務:-Dsoapui.https.protocols = TLSv1.2工作,使用TLSv1,SSLv3的
利用CXF,我得到一個「javax.net .ssl.SSLHandshakeException:沒有適當的協議(協議被禁用或密碼套件不當)」
,如果我刪除的SSLv3,輸出爲‘javax.net.ssl.SSLHandshakeException:收到致命警報:handshake_failure’
對不起,我對Soap和SSL知之甚少......
URL wsdlLocation = this.getClass().getResource("service.wsdl");
Service service = new Service(wsdlLocation);
Soap stub = service.getSoap();
BindingProvider bp = (BindingProvider) stub;
Map<String, Object> context = bp.getRequestContext();
context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://url.to.service/service");
Client client = ClientProxy.getClient(stub);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
try {
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setDisableCNCheck(true);
tlsParams.setSecureSocketProtocol("SSLv3");
KeyStore keyStore = KeyStore.getInstance("JKS");
String trustpass = "pass";
File truststore = new File("/home/user/keystore.jks");
keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(keyStore);
TrustManager[] tm = trustFactory.getTrustManagers();
tlsParams.setTrustManagers(tm);
truststore = new File("/home/user/keystore.jks");
keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, trustpass.toCharArray());
KeyManager[] km = keyFactory.getKeyManagers();
tlsParams.setKeyManagers(km);
FiltersType filter = new FiltersType();
filter.getInclude().add(".*_EXPORT_.*");
filter.getInclude().add(".*_EXPORT1024_.*");
filter.getInclude().add(".*_WITH_DES_.*");
filter.getInclude().add(".*_WITH_NULL_.*");
filter.getExclude().add(".*_DH_anon_.*");
tlsParams.setCipherSuitesFilter(filter);
httpConduit.setTlsClientParameters(tlsParams);
} catch (Exception e) {
LOG.error(e.getMessage());
}