带有匿名 Diffie Hellman 的 Java SSL/TLS [英] Java SSL/TLS with Anonymous Diffie Hellman

问题描述

我有一个用 Java 编写的基本客户端/服务器应用程序，它使用普通的 Sockets 进行通信.

I have a basic client/server application written in Java which uses plain Sockets for communication.

我想防止对其进行被动窃听攻击，并通过 TLS/SSL 进行通信.我不希望应用程序用户遇到设置证书等的麻烦，我想使用 AES 加密(TLS_DH_anon_WITH_AES_128_CBC_SHA 模式)通过匿名 Diffie Hellman 设置 SSL 套接字.

I'd like to prevent passive eavesdropping attacks against it and do the communication over TLS/SSL. I don't want the application user to get in the hassle of setting up certificates etc., I'd like to setup Sockets over SSL with Anonymous Diffie Hellman using AES encryption (TLS_DH_anon_WITH_AES_128_CBC_SHA mode).

但是，关于如何设置 SSLContext 或 SSLSocketFactory 以启用我想要的模式，我无法在网络或任何文档上找到任何合适的示例.我很感激这个最小的例子.

However I can't find any suitable examples on net or any documentation as to how I'd setup the SSLContext or SSLSocketFactory to enable the mode I want. I'd appreciate a minimal example for this.

推荐答案

您应该使用 setEnabledCipherSuites.

You should set the cipher suite on the SSLSocket (or SSLEngine) using setEnabledCipherSuites.

这篇关于带有匿名 Diffie Hellman 的 Java SSL/TLS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！