2016-04-26 74 views
0

根据以下代码,我该如何将协议设置为TLSv1.2,TLSv1,SSLv3?使用CXF皂,设置SSL和TLS协议版本

使用SOAPUI,我可以使用下面的配置来请求服务:-Dsoapui.https.protocols = TLSv1.2工作,使用TLSv1,SSLv3的

利用CXF,我得到一个“javax.net .ssl.SSLHandshakeException:没有适当的协议(协议被禁用或密码套件不当)”

,如果我删除的SSLv3,输出为‘javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure’

对不起,我对Soap和SSL知之甚少......

URL wsdlLocation = this.getClass().getResource("service.wsdl"); 

Service service = new Service(wsdlLocation); 
Soap stub = service.getSoap(); 

BindingProvider bp = (BindingProvider) stub; 

Map<String, Object> context = bp.getRequestContext(); 

context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://url.to.service/service"); 

Client client = ClientProxy.getClient(stub); 

HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); 
try { 
    TLSClientParameters tlsParams = new TLSClientParameters(); 
    tlsParams.setDisableCNCheck(true); 
    tlsParams.setSecureSocketProtocol("SSLv3"); 

    KeyStore keyStore = KeyStore.getInstance("JKS"); 
    String trustpass = "pass"; 

    File truststore = new File("/home/user/keystore.jks"); 
    keyStore.load(new FileInputStream(truststore), trustpass.toCharArray()); 
    TrustManagerFactory trustFactory = TrustManagerFactory 
      .getInstance(TrustManagerFactory.getDefaultAlgorithm()); 
    trustFactory.init(keyStore); 
    TrustManager[] tm = trustFactory.getTrustManagers(); 
    tlsParams.setTrustManagers(tm); 

    truststore = new File("/home/user/keystore.jks"); 
    keyStore.load(new FileInputStream(truststore), trustpass.toCharArray()); 
    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
    keyFactory.init(keyStore, trustpass.toCharArray()); 
    KeyManager[] km = keyFactory.getKeyManagers(); 
    tlsParams.setKeyManagers(km); 

    FiltersType filter = new FiltersType(); 
    filter.getInclude().add(".*_EXPORT_.*"); 
    filter.getInclude().add(".*_EXPORT1024_.*"); 
    filter.getInclude().add(".*_WITH_DES_.*"); 
    filter.getInclude().add(".*_WITH_NULL_.*"); 
    filter.getExclude().add(".*_DH_anon_.*"); 
    tlsParams.setCipherSuitesFilter(filter); 

    httpConduit.setTlsClientParameters(tlsParams); 
} catch (Exception e) { 
    LOG.error(e.getMessage()); 
} 

回答

1

我也遇到同样的问题,并解决它通过改变从 tlsParams.setSecureSocketProtocol("SSL");tlsParams.setSecureSocketProtocol("TLSv1");

注意要确定哪些协议版本(SSLv1协议名称?的SSLv2? TLSv1 ....)之前更改它。请参考determine the protocol name and version

另外,如果这种解决方法不为你工作,请参阅possible causes 希望对您和他人

这项工作