获取HttpsURLConnection中使用的SSL版本 - Java [英] Get SSL Version used in HttpsURLConnection - Java
问题描述
我正在开发一个java代理来监控我的应用服务器中发生的http通信。我想知道传出Https连接中使用的SSL版本(SSLv3,TLS等)。有没有办法以任何方式获得SSL版本?
I am developing a java agent to monitor http communications happening in my application server. I like to know the SSL version(SSLv3, TLS, etc) used in outgoing Https connections. Is there a way to get the SSL version by any means?
推荐答案
我使用此解决方案,也许它可以帮助您:
I used this solution, maybe it can help you:
首先你需要一个 SSLSocketFactory 的扩展类来附加一个 HandshakeCompletedListener 由 SSLSocketFactory 创建的套接字:
(灵感来自如何使用HttpsURLConnection覆盖Android发送到服务器的密码列表?)
First you need an extension class of SSLSocketFactory to attach a HandshakeCompletedListener to the sockets created by the SSLSocketFactory:
(inspired by How to override the cipherlist sent to the server by Android when using HttpsURLConnection?)
public class SecureSSLSocketFactory extends SSLSocketFactory {
private final SSLSocketFactory delegate;
private HandshakeCompletedListener handshakeListener;
public SecureSSLSocketFactory(
SSLSocketFactory delegate, HandshakeCompletedListener handshakeListener) {
this.delegate = delegate;
this.handshakeListener = handshakeListener;
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
throws IOException {
SSLSocket socket = (SSLSocket) this.delegate.createSocket(s, host, port, autoClose);
if (null != this.handshakeListener) {
socket.addHandshakeCompletedListener(this.handshakeListener);
}
return socket;
}
// and so on for all the other createSocket methods of SSLSocketFactory.
@Override
public String[] getDefaultCipherSuites() {
// TODO: or your own preferences
return this.delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
// TODO: or your own preferences
return this.delegate.getSupportedCipherSuites();
}
然后你需要实现 HandshakeCompletedListener 界面。您必须实现 handshakeCompleted 方法:
Then you need an implementation of the HandshakeCompletedListener interface. You must implement the handshakeCompleted method:
public class MyHandshakeCompletedListener implements HandshakeCompletedListener {
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
SSLSession session = event.getSession();
String protocol = session.getProtocol();
String cipherSuite = session.getCipherSuite();
String peerName = null;
try {
peerName = session.getPeerPrincipal().getName();
} catch (SSLPeerUnverifiedException e) {
}
}
在 handshakeCompleted 中,您可以获得协议版本(可能是TLSv1.2),顺便提一下也可以获得密码套件等信息,也可以通过<$ c $访问C> HttpsConnection 。
您可以在连接之前通过 conn.setSSLSocketFactory 设置自定义SSL套接字工厂:
In handshakeCompleted you can get the protocol version (maybe TLSv1.2), and by the way also the information on cipher suite etc., that is also accessible via HttpsConnection.
You can set the custom SSL socket factory via conn.setSSLSocketFactory before connect:
private void setupAndConnect() {
URL url = new URL("https://host.dom/xyz");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(/*keyManagers*/null, /*trustManagers*/null, /*new SecureRandom()*/null); // simple here
conn.setSSLSocketFactory(new SecureSSLSocketFactory(sslContext.getSocketFactory(), new MyHandshakeCompletedListener()));
// conn.set... /* set other parameters */
conn.connect();
这篇关于获取HttpsURLConnection中使用的SSL版本 - Java的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
