如何在apache HttpClient上设置TLS版本 [英] How to set TLS version on apache HttpClient

问题描述

如何在HttpClient上更改支持的TLS版本？

How can I change the supported TLS versions on my HttpClient?

我正在做：

SSLContext sslContext = SSLContext.getInstance("TLSv1.1");
sslContext.init(
    keymanagers.toArray(new KeyManager[keymanagers.size()]),
    null,
    null);

SSLSocketFactory socketFactory = new SSLSocketFactory(sslContext, new String[]{"TLSv1.1"}, null, null);
Scheme scheme = new Scheme("https", 443, socketFactory);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(scheme);
BasicClientConnectionManager cm = new BasicClientConnectionManager(schemeRegistry);
httpClient = new DefaultHttpClient(cm);

但是当我检查创建的套接字时，它仍然说支持的协议是TLSv1.0，TLSv1。 1和TLSv1.2。

But when I check the created socket, it still says the supported protocols are TLSv1.0, TLSv1.1 and TLSv1.2.

实际上我只是希望它停止使用TLSv1.2，对于这个特定的HttpClient。

In reality I just want it to stop using TLSv1.2, for this specific HttpClient.

推荐答案

解决方案是：

SSLContext sslContext = SSLContexts.custom()
    .useTLS()
    .build();

SSLConnectionSocketFactory f = new SSLConnectionSocketFactory(
    sslContext,
    new String[]{"TLSv1", "TLSv1.1"},   
    null,
    BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);

httpClient = HttpClients.custom()
    .setSSLSocketFactory(f)
    .build();

这需要org.apache.httpcomponents.httpclient 4.3.x尽管。

This requires org.apache.httpcomponents.httpclient 4.3.x though.

这篇关于如何在apache HttpClient上设置TLS版本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！