在没有证书的 https 上的 java SSL [英] In java SSL over https without certificate

问题描述

Is it possible to use ssl with HttpURLConnection without using a certificate in Java?

I want to use a random number or a symmetric key.

解决方案

Although SSL/TLS doesn't strictly require certificates, HTTPS expects certificates, since RFC 2818 (in particular, Section 3.1) clearly refers to X.509 certificates.

You'll find more details in this answer on ServerFault, to a very similar question.

Whatever you do without certificate will be out of scope of RFC 2818, but it might still work (and make sense). However it is supported by other implementations may vary. If you choose not to use certificates, you'll still need a way to verify the identify of the server to ensure the security of the communication.

EDIT:

The Oracle provider for JSSE doesn't support PSK cipher suties (or OpenPGP certs). The closest to a shared-key you'll get out of that are Kerberos cipher suites.

这篇关于在没有证书的 https 上的 java SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！