【Question title】: Soap with CXF, set SSL and TLS protocol version
【Posted】: 2016-08-20 16:14:04
【Question description】:

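Based on the following code, how can I set the protocols to TLSv1.2,TLSv1,SSLv3?

With SoapUI, I can call the service using the following configuration: -Dsoapui.https.protocols=TLSv1.2,TLSv1,SSLv3

With CXF, I get "javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)"

If I remove SSLv3, the output is "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"

Sorry, I know very little about SOAP and SSL...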

URL wsdlLocation = this.getClass().getResource("service.wsdl");

Service service = new Service(wsdlLocation);
Soap stub = service.getSoap();

BindingProvider bp = (BindingProvider) stub;

Map<String, Object> context = bp.getRequestContext();

context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://url.to.service/service");

Client client = ClientProxy.getClient(stub);

HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
try {
    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setDisableCNCheck(true);
    tlsParams.setSecureSocketProtocol("SSLv3");

    KeyStore keyStore = KeyStore.getInstance("JKS");
    String trustpass = "pass";

    File truststore = new File("/home/user/keystore.jks");
    keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
    TrustManagerFactory trustFactory = TrustManagerFactory
            .getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(keyStore);
    TrustManager[] tm = trustFactory.getTrustManagers();
    tlsParams.setTrustManagers(tm);

    truststore = new File("/home/user/keystore.jks");
    keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyFactory.init(keyStore, trustpass.toCharArray());
    KeyManager[] km = keyFactory.getKeyManagers();
    tlsParams.setKeyManagers(km);

    FiltersType filter = new FiltersType();
    filter.getInclude().add(".*_EXPORT_.*");
    filter.getInclude().add(".*_EXPORT1024_.*");
    filter.getInclude().add(".*_WITH_DES_.*");
    filter.getInclude().add(".*_WITH_NULL_.*");
    filter.getExclude().add(".*_DH_anon_.*");
    tlsParams.setCipherSuitesFilter(filter);

    httpConduit.setTlsClientParameters(tlsParams);
} catch (Exception e) {
    LOG.error(e.getMessage());
}

【Question discussion】:

    Tags: java web-services ssl soap


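    【Solution 1】:

    I ran into the same problem and solved it by changing the protocol name: tlsParams.setSecureSocketProtocol("SSL"); tlsParams.setSecureSocketProtocol("TLSv1");

    Note that before changing it you should determine the previous protocol version (SSLv1? SSLv2? TLSv1...). Please refer to determine the protocol name and version

    Also, if this workaround does not work for you, please refer to possible causes. Hope this is useful for you and others.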

    【Discussion】:
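
An added diagnostic, not part of the original question or answer: the "No appropriate protocol" error is raised locally, before any data is sent, when every protocol the client enabled is rejected by the JVM itself (for example through the `jdk.tls.disabledAlgorithms` security property). The sketch below uses plain JSSE without CXF and checks each protocol name from the question one at a time; the class name `ProtocolCheck` and the method `usable` are hypothetical.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;

// Added example: checks which requested protocol names this JVM will actually offer.
public class ProtocolCheck {

    // Returns the subset of 'requested' that a client handshake can start with.
    static List<String> usable(String... requested) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default managers; no network traffic is generated
        List<String> ok = new ArrayList<>();
        for (String proto : requested) {
            SSLEngine engine = ctx.createSSLEngine(); // fresh engine per protocol
            engine.setUseClientMode(true);
            if (!Arrays.asList(engine.getSupportedProtocols()).contains(proto)) {
                System.out.println(proto + ": not implemented by this JSSE provider");
                continue;
            }
            engine.setEnabledProtocols(new String[] {proto});
            try {
                // Throws when the only enabled protocol is banned by JVM policy: the
                // "No appropriate protocol" condition from the question (it may arrive
                // wrapped in another SSLException, so the cause is reported if present).
                engine.beginHandshake();
                ok.add(proto);
            } catch (SSLException e) {
                Throwable root = e.getCause() != null ? e.getCause() : e;
                System.out.println(proto + ": rejected locally (" + root.getMessage() + ")");
            }
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // The JVM-wide deny list that overrides whatever the application enables.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        // Protocol list taken from the question's SoapUI setting.
        System.out.println("usable: " + usable("TLSv1.2", "TLSv1", "SSLv3"));
    }
}
```

A protocol that appears in the `usable` list can still fail with `handshake_failure` if the server does not accept it or shares no cipher suite with the client; that alert comes from the remote side, not from this local check.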
