如何使用SSLv2启动ssl连接 [英] How to initiate ssl connection using SSLv2

问题描述

我想使用SSLv2启动与远程服务器的SSL连接。我正在使用Java。我尝试使用以下方法在套接字中获取支持的协议：

I want to initiate an SSL connection with a remote server using SSLv2. I am using Java. I tried to get the supported protocols in my socket using:

String[] suppProtocols=socket.getSupportedProtocols();
System.out.println("The protocols supported for this socket are: 
"+Arrays.toString(suppProtocols));

我在输出中得到了这个：

and I got this in the output:

[SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]

现在，我读到Java不支持SSLv2，而SSLv2Hello只使用SSLv2发送hello消息。我无法理解这意味着什么？是不是客户端支持SSLv2？如何使用SSLv2建立SSL连接。

Now, I read that Java does not support SSLv2 and SSLv2Hello only sends hello message using SSLv2. I can't grasp what does this means? Isn't the same as if the client support SSLv2? How can I make SSL connection using SSLv2.

推荐答案

SSLv3和TLSv1.x提供了一种将客户端Hello消息包装在一起的方法SSLv2客户端您好，如 TLS规范中所述：与SSL的向后兼容性 。 SSLv3和TLS 1及更高版本具有更一致的机制来协商版本。正如TLS规范所说：

SSLv3 and TLSv1.x offer a way to wrap their Client Hello message in an SSLv2 Client Hello, as described in the TLS specification: Backward compatibility with SSL. SSLv3 and TLS 1 and above have a more consistent mechanism to negotiate the version. As the TLS spec says:

发送版本2.0客户端问候消息的能力将是
逐步淘汰所有应急速度。实施者应该尽可能快地向前推进
的努力。版本3.0
提供了更好的移植到更新版本的机制。

The ability to send Version 2.0 client hello messages will be phased out with all due haste. Implementors SHOULD make every effort to move forward as quickly as possible. Version 3.0 provides better mechanisms for moving to newer versions.

Sun / Oracle JRE或OpenJDK不支持SSLv2 。将SSLv3 +消息包装到SSLv2消息中只是为了向后兼容。现在，对于Java 7中的客户端，现在默认禁用。从服务器的角度来看，它至少可以接受以这种方式将其客户端Hello消息包装在SSLv2消息中的其他SSLv3 +客户端，无论它们是否支持SSLv2。

The Sun/Oracle JRE or OpenJDK doesn't support SSLv2. Wrapping an SSLv3+ message into an SSLv2 message was just for backward compatibility. It is now disabled by default for clients in Java 7. From a server point of view, it can at least accept other SSLv3+ clients that wrap their Client Hello message in an SSLv2 message this way, whether they support SSLv2 or not.

您可以在此问题中找到有关Java支持（包括其他实现）的更多详细信息。

You'll find more details about Java support (including other implementations) in this question.

一般来说，SSLv2被认为是不安全的：你根本就不应该使用它。总的趋势是从SSLv3转向TLS 1.0或更高版本，而不是倒退。

Generally speaking, SSLv2 is considered insecure: you simply shouldn't use it. The general trend is to move away from SSLv3 towards TLS 1.0 or higher, not to go backwards.

这篇关于如何使用SSLv2启动ssl连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！