我们正在使用org.apache.httpcomponents.httpclient(v4.5.4)连接到另一个服务。但是,该服务现在已禁用TLS1.0。我怎么知道默认支持的SSL / TLS版本。这是创建httpclient对象的代码片段的方式:
private CloseableHttpClient getHttpClient() {
// always create new httpclient instance when factory is not available
// e.g. junit test suite
if (httpClientBuilderFactory == null
|| httpClientBuilderFactory.newBuilder() == null) {
sc = SocketConfig.custom()
.setSoTimeout(HTTP_SOCKET_TIMEOUT_SECONDS * 1000).build();
httpClient = HttpClients.custom().setDefaultSocketConfig(sc).build();
}
if (httpClient == null) {
clientConnectionManager = new PoolingHttpClientConnectionManager(210L,TimeUnit.SECONDS);
sc = SocketConfig.custom()
.setSoTimeout(HTTP_SOCKET_TIMEOUT_SECONDS * 1000).build();
clientConnectionManager.setDefaultMaxPerRoute(20);
HttpClientBuilder httpClientBuilder = httpClientBuilderFactory
.newBuilder();
httpClientBuilder.setDefaultSocketConfig(sc);
httpClientBuilder.setConnectionManager(clientConnectionManager);
httpClientBuilder.setConnectionManagerShared(true);
httpClient = httpClientBuilder.build();
}
return httpClient;
}
HttpClient 4.5.x
将需要一个自定义响应拦截器来访问基础连接并提取与其关联的SSL会话。
CloseableHttpClient httpclient = HttpClients.custom()
.addInterceptorLast(new HttpResponseInterceptor() {
@Override
public void process(HttpResponse response, HttpContext context) throws HttpException, IOException {
HttpClientContext clientContext = HttpClientContext.adapt(context);
ManagedHttpClientConnection connection = clientContext.getConnection(ManagedHttpClientConnection.class);
SSLSession sslSession = connection.getSSLSession();
if (sslSession != null) {
System.out.println("SSL protocol " + sslSession.getProtocol());
System.out.println("SSL cipher suite " + sslSession.getCipherSuite());
}
}
})
.build();
try {
HttpGet httpget = new HttpGet("https://httpbin.org/");
System.out.println("Executing request " + httpget.getRequestLine());
HttpClientContext clientContext = HttpClientContext.create();
CloseableHttpResponse response = httpclient.execute(httpget, clientContext);
try {
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
EntityUtils.consume(entity);
} finally {
response.close();
}
} finally {
httpclient.close();
}
HttpClient 5.0
从5.0开始,可以直接从HTTP执行上下文中拉出SSL会话。
try (CloseableHttpClient httpclient = HttpClients.custom().build()) {
final HttpGet httpget = new HttpGet("https://httpbin.org/");
System.out.println("Executing request " + httpget.getMethod() + " " + httpget.getUri());
final HttpClientContext clientContext = HttpClientContext.create();
try (CloseableHttpResponse response = httpclient.execute(httpget, clientContext)) {
System.out.println("----------------------------------------");
System.out.println(response.getCode() + " " + response.getReasonPhrase());
EntityUtils.consume(response.getEntity());
final SSLSession sslSession = clientContext.getSSLSession();
if (sslSession != null) {
System.out.println("SSL protocol " + sslSession.getProtocol());
System.out.println("SSL cipher suite " + sslSession.getCipherSuite());
}
}
}