我正在尝试使用Apache HttpClient 4.1连接到HTTPs URL。...
HttpGet httpget = new HttpGet("https://federation/galaxy-class/enterprise/getSheildFrequencies");
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpResponse response = httpclient.execute(httpget);
在连接过程中,出现以下异常...
Caught: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
当我打开调试时,看到以下内容。
main, WRITE: TLSv1 Handshake, length = 81
main, WRITE: SSLv2 client hello message, length = 110
main, handling exception: java.net.SocketException: Connection reset
因此,似乎我的客户端在TLSv1中进行了握手,但是随后在服务器不希望的SSLv2中发送了一个客户端问候(服务器断开了它的连接,因为它不支持SSLv2向后兼容模式。)]
有没有办法告诉Apache HttpClient不要这样做?还是在底层JRE(我正在使用1.6)上配置了某些东西?
UPDATE
按照bmargulies的建议,我试图建立自己的套接字工厂并将其配置为仅允许我想要的协议。...
def supportedProtocols = new String[2] supportedProtocols[0] = 'SSLv3' supportedProtocols[1] = 'TLSv1' SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( SSLContext.getDefault(),supportedProtocols, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier()); Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create() .register("http", PlainConnectionSocketFactory.getSocketFactory()) .register("https", socketFactory) .build(); PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry); CloseableHttpClient client = HttpClients.custom().setConnectionManager(cm).build(); HttpResponse response = client.execute(httpget);
但是这给另一个例外...
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
我正在尝试使用Apache HttpClient 4.1连接到HTTPs URL。...HttpGet httpget = new HttpGet(“ https:// federation / galaxy-class / enterprise / getSheildFrequencies”); DefaultHttpClient httpclient = ...
从SSLContext的已启用协议中删除SSLv2ClientHello
。