英文:
Java sockets: How to know which version of TLS my SslSocket is currently using?
问题
我的客户拨打服务器。我们最近采用了一项安全策略,只允许TLS 1.2连接,但我们在过渡期间有所宽松:如果服务器和客户端无法达成一致的TLS 1.2套接字,那么将会引发一些警告以便修复此问题,但连接应该继续正常进行。
因此,我实际上并不是在寻找强制客户端仅创建TLS 1.2连接的方法,而是要知道当前使用的是哪个版本。
我的问题是如何从活动套接字获取这些信息。
以下是我的客户端如何创建套接字的方式:
public static SSLSocket getSSLsocket (String hostFQDN, int port, String ksFullPath, String ksPassword, String pkPassword) {
try {
SSLContext context = SSLContext.getInstance("TLS");
KeyManagerFactory keyMngFactory = KeyManagerFactory.getInstance("SunX509");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream(ksFullPath), ksPassword.toCharArray());
keyMngFactory.init(keyStore, pkPassword.toCharArray());
context.init(keyMngFactory.getKeyManagers(), null, null);
//TODO: 我们将需要一个truststore的定义... 与此同时:System.setProperty("javax.net.ssl.trustStore", "src/resources/certificates/epp/cacertsuk");
SSLSocketFactory sslScktFactory = context.getSocketFactory();
return (SSLSocket) sslScktFactory.createSocket(hostFQDN, port);
} catch (Exception e) {
throw new RuntimeException("无法创建SSL套接字", e);
}
}
我知道有一个类似的问题:https://stackoverflow.com/questions/10500511/how-to-find-what-ssl-tls-version-is-used-in-java,其中主要答案似乎说我可以从SSLSocket获取SSLSession,然后调用.getProtocol... 但是没有提供如何实现的示例,我也无法自己找到解决方案。
英文:
My client dials a server. We've recently adopted a security policy to allow only TLS 1.2 connections but we are being soft with the transition: If the server and client cannot agree on a TLS 1.2 socket, then some warning is raised for this issue to be fixed but connection should proceed as normal.
So, I am not really looking for a way to enforce my client to only create TLS 1.2 connection but a way to know which one is currently used.
My question is about how to get that information from the live socket.
Here's how my client creates sockets:
public static SSLSocket getSSLsocket (String hostFQDN, int port, String ksFullPath, String ksPassword, String pkPassword) {
try {
SSLContext context = SSLContext.getInstance("TLS");
KeyManagerFactory keyMngFactory = KeyManagerFactory.getInstance("SunX509");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream(ksFullPath), ksPassword.toCharArray());
keyMngFactory.init(keyStore, pkPassword.toCharArray());
context.init(keyMngFactory.getKeyManagers(), null, null);
//TODO: We are going to need a truststore definition... Meanwhile: System.setProperty("javax.net.ssl.trustStore", "src/resources/certificates/epp/cacertsuk");
SSLSocketFactory sslScktFactory = context.getSocketFactory();
return (SSLSocket) sslScktFactory.createSocket(hostFQDN, port);
} catch (Exception e) {
throw new RuntimeException("Could not create SSL socket", e);
}
}
I am aware of this question: https://stackoverflow.com/questions/10500511/how-to-find-what-ssl-tls-version-is-used-in-java , where the leading answer seems to say I can get the SSLSession from the SSLSocket and then call .getProtocol... But an example on how to do this was not provided and I was unable to find the solution myself
答案1
得分: 1
我的问题是因为在这个类的上面,我正在使用套接字作为通用对象,它可以是纯文本或SSL... 所以,当我尝试执行socket.getSession时,我看不到那个方法...
到目前为止,我正在这样做:
public String getTls () {
SSLSocket temporaryReference = (SSLSocket) socket;
SSLSession sslSession = temporaryReference.getSession();
return sslSession.getProtocol();
}
然后我得到了:
TLSv1.2
现在,我可以做简单的部分 
我意识到这可能不是Stack Overflow 上最有价值的问题,但对于那些想做我想做的事情的人可能有用... 无论如何,现在已经超出了像我这样的凡人来决定这个问题发生了什么。无论如何,谢谢。
英文:
Ah, my problem is because above this class, I am using socket as a generic object, which could be plaintext or SSL... So, when I try to do socket.getSession - I don't see that method...
So far, I am doing:
public String getTls () {
SSLSocket temporaryReference = (SSLSocket) socket;
SSLSession sslSession = temporaryReference.getSession();
return sslSession.getProtocol();
}
And I am getting:
TLSv1.2
Now, I can do the easy part
I realize this may not be the most valuable question on SO but it may be useful for people looking to do what I am looking to do... Anyway it is now beyond such mortals as myself to decide what happens with the question. Thanks anyway.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论