如何指定要在SSL会话中使用的密码套件 [英] How to specify the ciphersuite to be used in SSL session
问题描述
我在端口443上创建了一个套接字,如下所示:
I have created a socket on port 443 as in the following line:
socket = (SSLSocket) factory.createSocket(hostName, port);
然后,我想在这个套接字中看到启用的密码套件,我用过:
Then, I wanted to see the enabled ciphersuites in this socket, I used:
String[] enCiphersuite=socket.getEnabledCipherSuites();
System.out.println("Enabled ciphersuites are: "+Arrays.toString(enCiphersuite));
然后,我想只选择一个我希望我的应用程序在创建握手时使用的密码套件远程服务器。我做了以下事情:
Then, I want to pick only one ciphersuite that I want my application to use when creating handshake with the remote server. I did the following:
String pickedCipher[] ={"TLS_RSA_WITH_AES_128_CBC_SHA"};
socket.setEnabledCipherSuites(pickedCipher);
System.out.println("ciphersuite set to: "+Arrays.toString(pickedCipher));
然后我做了握手,并检查了会话密码:
Then I made the handshake, and checked the session ciphersuite:
socket.startHandshake();
System.out.println("Session ciphersuite is"+socket.getSession().getCipherSuite() );
但我发现握手后打印输出语句中打印的密码名称(因为我)明白,这是会话中实际使用的密码)不是我之前设置的 setEnabledCipherSuites()
But I found that the name of the cipher printed in the previous printout statement after the handshake (as I understand, this is the actually used cipher in the session) is not what I set earlier using setEnabledCipherSuites()
为什么我仍然没有看到我选择的密码套件是用过的密码套件?而且,我还尝试 getEnabledCipherSuites()并在我 setEnabledCipherSuites 后打印出来,发现列表没有改变我所设定的。我不确定何时打印启用的密码套件,这个密码套件列表是否依赖于Java并始终是相同的列表,还是取决于客户端或服务器?有人可以解释一下吗?
Why am I still not see my chosen ciphersuite is the used one ? and also, I also tried to getEnabledCipherSuites() and print it out after I setEnabledCipherSuites and found the list has not changed to what I have set. I am not sure when I print the enabled ciphersuite, is this list of ciphersuites depends on Java and always the same list, or depends on the client or on the server? Can any body explain ?
编辑:
握手前我只有以下几行:
Before the handshake I only have the following lines:
SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
SSLSocket socket=null;
try {
socket = (SSLSocket) factory.createSocket(hostName, port);
socket.setSoTimeout(15000);
socket.startHandshake(); //handshake
.
.
推荐答案
我发现了我在
setEnableCipherSuite()之前添加了socket.getsession(),以便在设置之前打印出启用的cipheres
。当我删除它时,密码已经设置。为什么
是那个?
I found out that I added socket.getsession() before the setEnableCipherSuite() in order to print out the enabled cipheres before setting them. When I removed it, the cipher has been set. why is that ?
As documented in the SSLSocket JavaDoc:
此连接的初始握手可以用
三种方式之一启动:
The initial handshake on this connection can be initiated in one of three ways:
- 调用startHandshake显式开始握手,或
- 任何在此套接字上读取或写入应用程序数据的尝试都会导致隐式握手,或
- 如果当前没有有效会话,则调用getSession会尝试设置会话,并且隐式握手已完成。
- calling startHandshake which explicitly begins handshakes, or
- any attempt to read or write application data on this socket causes an implicit handshake, or
- a call to getSession tries to set up a session if there is no currently valid session, and an implicit handshake is done.
如果在调用 setEnabledCipherSuite()之前调用 getSession(),当您尝试设置启用的密码套件时,握手已经完成,因此已经选择了此会话的密码套件。
If you call getSession() before calling setEnabledCipherSuite(), the handshake has already been done when you try to set the enabled cipher suites, so this session's cipher suite has already been selected.
这篇关于如何指定要在SSL会话中使用的密码套件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
