Java 中的 Tomcat 6 和 TLSv1.2 [英] Tomcat 6 and TLSv1.2 In Java

问题描述

我在 tomcat 6 中部署了一个 Java 应用程序.该应用程序通过套接字将消息发送到另一个服务，它只需要使用 TLSv1.2 协议.在我的 tomcat6.conf 文件中，我放置了以下配置:

I have a Java app deployed in tomcat 6. The app sends messages to another service via socket and it needs to use ONLY TLSv1.2 protocol. In my tomcat6.conf file I put this configuration:

JAVA_HOME=/usr/lib/jvm/jre1.7.0_75
JAVA_OPTS="${JAVA_OPTS} -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dhttps.protocols=TLSv1.2"

但是 stll 使用旧的 tls 版本.

But stll use the older tls version.

在java或tomcat有什么配置可以强制使用TLSv1.2吗?

It there any configuration to apply in java or tomcat to force use TLSv1.2?

编辑 1:@Peter Walser 提供的答案很好，可以工作.问题是我不能修改代码，因为是第三方提供的jar，我只能配置环境，不能配置代码.

Edit 1: The answer provided by @Peter Walser is good and could work. The problem is I can't modify the code because is a jar provided by third party, and I can only configure the enviroment, not the code.

推荐答案

https.protocols 系统属性仅适用于 HttpsURLConnection 和 URL.openStream()，如诊断中所述TLS、SSL 和 HTTPS

The https.protocols system property is only considered for HttpsURLConnection and URL.openStream(), as stated in Diagnosing TLS, SSL, and HTTPS

控制 Java 客户端使用的协议版本，这些客户端通过使用 HttpsURLConnection 类或通过 URL.openStream() 操作获取 https 连接....

Controls the protocol version used by Java clients which obtain https connections through use of the HttpsURLConnection class or via URL.openStream() operations. ...

对于非 HTTP 协议，这可以通过 SocketFactory 的 SSLContext 进行控制.

For non-HTTP protocols, this can be controlled through the SocketFactory's SSLContext.

您可以按如下方式配置 SSLSocket:

You can configure the SSLSocket as follows:

SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
socket.setEnabledProtocols(new String[] {"TLSv1.2"});

当使用 REST 客户端时，它们中的大多数支持通过 SSLContext 配置协议.示例(JAX-RS 客户端):

When working with REST-clients, most of them support configuring the protocols over the SSLContext. Example (JAX-RS client):

Client client = ClientBuilder.newBuilder()
    .sslContext(SSLContext.getInstance("TLSv1.2"))
    // more settings, such as key/truststore, timeouts, logging
    .build();

这篇关于Java 中的 Tomcat 6 和 TLSv1.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！