Enabling TLS v1.2 in Java 7

Last modified: January 14, 2019

1. Overview

When it comes to SSL connections, we should be using TLSv1.2. Indeed, it’s the default SSL protocol for Java 8.

And while Java 7 supports TLSv1.2, the default is TLS v1.0, which is too weak these days.

In this tutorial, we’ll discuss various options to configure Java 7 to use TLSv1.2.

2. Using Java VM Arguments

If we are using Java 1.7.0_95 or later, we can add the jdk.tls.client.protocols property as a java command-line argument to support TLSv1.2:

java -Djdk.tls.client.protocols=TLSv1.2 <Main class or the Jar file to run>

But Java 1.7.0_95 is available only to the customers who purchased support from Oracle. So, we’ll review other options below to enable TLSv1.2 on Java 7.

3. Using SSLSocket

In this first example, we’ll enable TLSv1.2 using SSLSocketFactory.

First, we can create a default SSLSocketFactory object by calling the SSLSocketFactory#getDefault factory method.

Then, we simply pass our host and port to SSLSocketFactory#createSocket:

SSLSocketFactory socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(hosturl, port);

The default SSLSocket created above doesn’t have any SSL protocols associated with it. We can associate the SSL protocols to our SSLSocket in a couple of ways.

In the first approach, we can pass an array of supported SSL protocols to the setEnabledProtocols method on our SSLSocket instance:

sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"});

Alternatively, we can use SSLParameters, using the same array:

SSLParameters params = new SSLParameters();
params.setProtocols(new String[] {"TLSv1.2"});
sslSocket.setSSLParameters(params);

4. Using SSLContext

Configuring the SSLSocket directly changes only that one connection. We can use SSLContext to change the way we create the SSLSocketFactory.

So, instead of using SSLSocketFactory#getDefault, let's call SSLContext#getInstance, giving it "TLSv1.2" as a parameter. We can then get our SSLSocketFactory from the context:

SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, null, new SecureRandom());
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
SSLSocket socket = (SSLSocket) socketFactory.createSocket(url, port);

As a quick side note, always remember to use SecureRandom when working with SSL.

5. Using HttpsURLConnection

Of course, we aren’t always creating sockets directly. Oftentimes, we are at the application protocol level.

So, finally, let’s see how to enable TLSv1.2 on HttpsURLConnection.

First, we’ll need an instance of URL. Let’s imagine that we are connecting to https://example.org:

URL url = new URL("https://" + hosturl + ":" + port);

Now, we can set up our SSLContext as before:

SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); 
sslContext.init(null, null, new SecureRandom());

Then, our last steps are to create the connection and supply it with an SSLSocketFactory:

HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setSSLSocketFactory(sslContext.getSocketFactory());

6. Conclusion

In this quick article, we showed a few ways to enable TLSv1.2 on Java 7.

The code samples used in this article are available over on GitHub.
