Java 8 SSLContext.getInstance("TLSv1.2") 是什么意思? [英] Java 8 SSLContext.getInstance("TLSv1.2") what does it mean?
问题描述
我正在尝试为某个端点 URL 调用 REST API,它在 java.net 的 URL 上运行良好,并且在执行相同的操作后运行良好.但是在某些机器上它因某些 SSLException 而失败,因此代码被修改如下:
I'm trying to call a REST API for some end point URL, it was running fine for the URL of java.net and after executing the same. But on some machines it failed for some SSLException so the code was modified like this:
HttpsURLConnection connection = (HttpsURLConnection) new URL( url ).openConnection()
SSLContext sc = SSLContext.getInstance("TLSv1.2")
sc.init(null, null, new SecureRandom())
connection.setSSLSocketFactory(sc.getSocketFactory())
connection.setRequestProperty("charset", "utf-8")
InputStream input = connection.getInputStream()
InputStreamReader reader = new InputStreamReader(input, "utf-8")
BufferedReader buffer = new BufferedReader(reader)
buffer.lines().collect(Collectors.joining("\n"))
现在它再次工作正常,如果我没有错的话,它是用于安全通信,但是为什么在 Linux env 上而不是在 Windows 上出现 SSLexception,并且 SSLContext.getInstance("TLSv1.2") 这是否适用于所有环境,为什么 TLSV1.1 不是所有环境都默认为 1.2 或最新版本,我如何确保它可以在所有环境中运行?
Now again it's working fine, if I'm not wrong it is for secured communication, but then why was the SSLexception on Linux env and not on Windows, and SSLContext.getInstance("TLSv1.2") will this work on all environments, why not TLSV1.1 does all environment have 1.2 or latest version by default, how do I make sure that it will run on all the environments?
推荐答案
TLS 代表 传输层安全 是替代安全套接字层 (SSL) 的标准.有几个 TLS 版本,其中 v1.1 和 v1.2 被认为是安全的(目前正在起草 v1.3).如果您不想使用最新的可用 TLS 版本深入研究技术细节,这是最好的主意.
TLS stands for Transport Layer Security which is the standard superseding Secure Sockets Layer (SSL). There are few versions of TLS out of which v1.1 and v1.2 are consider secure (at the moment v1.3 is being drafted). If you don't want to dive into technical details using the latest available TLS version is the best idea.
Java 中的 TLSv1.2 在这里得到了很好的解释:JDK 8 将默认使用 TLS 1.2.由于 TLSv1.2 是在 JDK 内部实现的,因此它应该适用于所有操作系统.由于有多个 JDK 供应商(Oracle、OpenJDK、Azul 等),因此您希望使用 JDK 进行测试.问题是旧版本,例如Oracle HotSpot Java 6 仅支持 SSL,除非您拥有高级 Oracle 维护版本或自定义库,否则您将无法获得 TLS.
TLSv1.2 in Java is nicely explained here: JDK 8 will use TLS 1.2 as default. Since TLSv1.2 is implemented inside the JDK it should work on all operating systems. Since there are multiple JDK vendors (Oracle, OpenJDK, Azul, etc.) you want to test this with your JDK. The gotcha is that older version e.g. Oracle HotSpot Java 6 support only SSL and you won't get TLS unless you have premium Oracle maintenance release or custom libraries.
这篇关于Java 8 SSLContext.getInstance("TLSv1.2") 是什么意思?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
