1. 首頁
  2. 問答
  3. 使用CXF皁,設置SSL和TLS協議版本

使用CXF皁,設置SSL和TLS協議版本

2016-04-26 167 views
0

根據以下代碼,我該如何將協議設置爲TLSv1.2,TLSv1,SSLv3?使用CXF皁,設置SSL和TLS協議版本

使用SOAPUI,我可以使用下面的配置來請求服務:-Dsoapui.https.protocols = TLSv1.2工作,使用TLSv1,SSLv3的

利用CXF,我得到一個「javax.net .ssl.SSLHandshakeException:沒有適當的協議(協議被禁用或密碼套件不當)」

,如果我刪除的SSLv3,輸出爲‘javax.net.ssl.SSLHandshakeException:收到致命警報:handshake_failure’

對不起,我對Soap和SSL知之甚少......

URL wsdlLocation = this.getClass().getResource("service.wsdl"); 

Service service = new Service(wsdlLocation); 
Soap stub = service.getSoap(); 

BindingProvider bp = (BindingProvider) stub; 

Map<String, Object> context = bp.getRequestContext(); 

context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://url.to.service/service"); 

Client client = ClientProxy.getClient(stub); 

HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); 
try { 
    TLSClientParameters tlsParams = new TLSClientParameters(); 
    tlsParams.setDisableCNCheck(true); 
    tlsParams.setSecureSocketProtocol("SSLv3"); 

    KeyStore keyStore = KeyStore.getInstance("JKS"); 
    String trustpass = "pass"; 

    File truststore = new File("/home/user/keystore.jks"); 
    keyStore.load(new FileInputStream(truststore), trustpass.toCharArray()); 
    TrustManagerFactory trustFactory = TrustManagerFactory 
      .getInstance(TrustManagerFactory.getDefaultAlgorithm()); 
    trustFactory.init(keyStore); 
    TrustManager[] tm = trustFactory.getTrustManagers(); 
    tlsParams.setTrustManagers(tm); 

    truststore = new File("/home/user/keystore.jks"); 
    keyStore.load(new FileInputStream(truststore), trustpass.toCharArray()); 
    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
    keyFactory.init(keyStore, trustpass.toCharArray()); 
    KeyManager[] km = keyFactory.getKeyManagers(); 
    tlsParams.setKeyManagers(km); 

    FiltersType filter = new FiltersType(); 
    filter.getInclude().add(".*_EXPORT_.*"); 
    filter.getInclude().add(".*_EXPORT1024_.*"); 
    filter.getInclude().add(".*_WITH_DES_.*"); 
    filter.getInclude().add(".*_WITH_NULL_.*"); 
    filter.getExclude().add(".*_DH_anon_.*"); 
    tlsParams.setCipherSuitesFilter(filter); 

    httpConduit.setTlsClientParameters(tlsParams); 
} catch (Exception e) { 
    LOG.error(e.getMessage()); 
}

來源

2016-04-26 Obscur Moirage

回答

1

我也遇到同樣的問題,並解決它通過改變從 tlsParams.setSecureSocketProtocol("SSL");tlsParams.setSecureSocketProtocol("TLSv1");

注意要確定哪些協議版本(SSLv1協議名稱?的SSLv2? TLSv1 ....)之前更改它。請參考determine the protocol name and version

另外,如果這種解決方法不爲你工作,請參閱possible causes 希望對您和他人

這項工作

來源

2016-09-13 09:47:20 user2354382

相關問題

 相關問題