JAVA HTTPS

JDK与HTTPS各版本对应关系

JDK与HTTPS版本

IBMJDK 支持 TLS12 
-Dcom.ibm.jsse2.overrideDefaultTLS=true
-Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12

#使用工具测试 
D:\JDK\IBMJDK1.8_Win\bin>java.exe HTTPSClient baidu.com
HTTP/1.1 302 Moved Temporarily
Server: bfe/1.0.8.18
Date: Wed, 26 Aug 2020 05:58:37 GMT
Content-Type: text/html
Content-Length: 161
Connection: close
Location: http://www.baidu.com/error.html
Set-Cookie: __bsi=14235882381431070594_00_218_N_N_0_0303_C02F_N_N_N_0; expires=Wed, 26-Aug-20 05:58:42 GMT; domain=www.baidu.com; path=/

<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>bfe/1.0.8.18</center>
</body>
</html>

IBMJDK1.6-Win\bin>java.exe  -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.debug=ssl:handshake:verbose HTTPSClient baidu.com |findstr ClientHello
2020-8-26 14:01:35 java.util.prefs.WindowsPreferences <init>
WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs at root 0x80000002. Windows RegCreateKeyEx(...) returned error code 5.
IBMJSSE2 to send SCSV Cipher Suite on initial ClientHello
*** ClientHello, TLSv1

IBMJDK1.8_Win\bin>java.exe  -Djdk.tls.client.protocols=TLSv1.1 -Djavax.net.debug=ssl:handshake:verbose HTTPSClient baidu.com |findstr Hello
*** ClientHello, TLSv1.1

IBMJDK1.8_Win\bin>java.exe  -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.debug=ssl:handshake:verbose HTTPSClient baidu.com |findstr Hello
*** ClientHello, TLSv1.2

IBMJDK1.8_Win\bin>java.exe  -Dhttps.protocols=TLSv1.1 -Djavax.net.debug=ssl:handshake:verbose HTTPSClient baidu.com |findstr Hello
*** ClientHello, TLSv1.2


import java.net.*;
import java.io.*;
import java.security.*;
import javax.net.ssl.*;
public class HTTPSClient {
	public static void main(String[] args) {
		if (args.length == 0) {
			System.out.println("Usage: java HTTPSClient host");
			return;
		}

		int port = 443; // default https port
		String host = args[0];

		try{
			//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
			SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

			SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

			Writer out = new OutputStreamWriter(socket.getOutputStream());
			// https requires the full URL in the GET line
			out.write("GET / HTTP/1.0\\r\\\n");
			out.write("\\r\\n");
			out.flush();

			// read response
			BufferedReader in = new BufferedReader(
						new InputStreamReader(socket.getInputStream()));
			int c;
			while ((c = in.read()) != -1) {
				System.out.write(c);
			}

			out.close();
			in.close();
			socket.close();
		}catch (IOException e) {
			System.err.println(e);
		}
	}
}

一些链接
IBM禁用SSLv3
change the default SSL protocol 介绍了如何直接用jdk 调用分析 HTTPSClient 如上代码
TLSv1.2 Support in Java
TLSv1.2参数配置
IBMJDK TLSv1.2参数配置
如何在jdk1.6使用tls1.2

posted @ 2020-08-26 14:20  Qtong  阅读(364)  评论(0)    收藏  举报