获取HttpsURLConnection中使用的SSL版本 - Java [英] Get SSL Version used in HttpsURLConnection - Java
问题描述
我正在开发一个java代理来监控我的应用服务器中发生的http通信。我想知道传出Https连接中使用的SSL版本(SSLv3,TLS等)。有没有办法以任何方式获得SSL版本?
I am developing a java agent to monitor http communications happening in my application server. I like to know the SSL version(SSLv3, TLS, etc) used in outgoing Https connections. Is there a way to get the SSL version by any means?
推荐答案
我使用此解决方案,也许它可以帮助您:
I used this solution, maybe it can help you:
首先你需要一个 SSLSocketFactory
的扩展类来附加一个 HandshakeCompletedListener
由 SSLSocketFactory
创建的套接字:
(灵感来自如何使用HttpsURLConnection覆盖Android发送到服务器的密码列表?)
First you need an extension class of SSLSocketFactory
to attach a HandshakeCompletedListener
to the sockets created by the SSLSocketFactory
:
(inspired by How to override the cipherlist sent to the server by Android when using HttpsURLConnection?)
public class SecureSSLSocketFactory extends SSLSocketFactory {
private final SSLSocketFactory delegate;
private HandshakeCompletedListener handshakeListener;
public SecureSSLSocketFactory(
SSLSocketFactory delegate, HandshakeCompletedListener handshakeListener) {
this.delegate = delegate;
this.handshakeListener = handshakeListener;
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
throws IOException {
SSLSocket socket = (SSLSocket) this.delegate.createSocket(s, host, port, autoClose);
if (null != this.handshakeListener) {
socket.addHandshakeCompletedListener(this.handshakeListener);
}
return socket;
}
// and so on for all the other createSocket methods of SSLSocketFactory.
@Override
public String[] getDefaultCipherSuites() {
// TODO: or your own preferences
return this.delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
// TODO: or your own preferences
return this.delegate.getSupportedCipherSuites();
}
然后你需要实现 HandshakeCompletedListener
界面。您必须实现 handshakeCompleted
方法:
Then you need an implementation of the HandshakeCompletedListener
interface. You must implement the handshakeCompleted
method:
public class MyHandshakeCompletedListener implements HandshakeCompletedListener {
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
SSLSession session = event.getSession();
String protocol = session.getProtocol();
String cipherSuite = session.getCipherSuite();
String peerName = null;
try {
peerName = session.getPeerPrincipal().getName();
} catch (SSLPeerUnverifiedException e) {
}
}
在 handshakeCompleted
中,您可以获得协议版本(可能是TLSv1.2),顺便提一下也可以获得密码套件等信息,也可以通过<$ c $访问C> HttpsConnection 。
您可以在连接之前通过 conn.setSSLSocketFactory
设置自定义SSL套接字工厂:
In handshakeCompleted
you can get the protocol version (maybe TLSv1.2), and by the way also the information on cipher suite etc., that is also accessible via HttpsConnection
.
You can set the custom SSL socket factory via conn.setSSLSocketFactory
before connect:
private void setupAndConnect() {
URL url = new URL("https://host.dom/xyz");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(/*keyManagers*/null, /*trustManagers*/null, /*new SecureRandom()*/null); // simple here
conn.setSSLSocketFactory(new SecureSSLSocketFactory(sslContext.getSocketFactory(), new MyHandshakeCompletedListener()));
// conn.set... /* set other parameters */
conn.connect();
这篇关于获取HttpsURLConnection中使用的SSL版本 - Java的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!