Java sockets:如何知道我的SslSocket当前正在使用哪个版本的TLS?

huangapple go评论82阅读模式
英文:

Java sockets: How to know which version of TLS my SslSocket is currently using?

问题

我的客户拨打服务器。我们最近采用了一项安全策略,只允许TLS 1.2连接,但我们在过渡期间有所宽松:如果服务器和客户端无法达成一致的TLS 1.2套接字,那么将会引发一些警告以便修复此问题,但连接应该继续正常进行。

因此,我实际上并不是在寻找强制客户端仅创建TLS 1.2连接的方法,而是要知道当前使用的是哪个版本。

我的问题是如何从活动套接字获取这些信息。

以下是我的客户端如何创建套接字的方式:

public static SSLSocket getSSLsocket (String hostFQDN, int port, String ksFullPath, String ksPassword, String pkPassword) {
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        KeyManagerFactory keyMngFactory = KeyManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");

        keyStore.load(new FileInputStream(ksFullPath), ksPassword.toCharArray());
        keyMngFactory.init(keyStore, pkPassword.toCharArray());
        context.init(keyMngFactory.getKeyManagers(), null, null);
        //TODO: 我们将需要一个truststore的定义... 与此同时:System.setProperty("javax.net.ssl.trustStore", "src/resources/certificates/epp/cacertsuk");
        SSLSocketFactory sslScktFactory = context.getSocketFactory();
        return (SSLSocket) sslScktFactory.createSocket(hostFQDN, port);
    } catch (Exception e) {
        throw new RuntimeException("无法创建SSL套接字", e);
    }
}

我知道有一个类似的问题:https://stackoverflow.com/questions/10500511/how-to-find-what-ssl-tls-version-is-used-in-java,其中主要答案似乎说我可以从SSLSocket获取SSLSession,然后调用.getProtocol... 但是没有提供如何实现的示例,我也无法自己找到解决方案。

英文:

My client dials a server. We've recently adopted a security policy to allow only TLS 1.2 connections but we are being soft with the transition: If the server and client cannot agree on a TLS 1.2 socket, then some warning is raised for this issue to be fixed but connection should proceed as normal.

So, I am not really looking for a way to enforce my client to only create TLS 1.2 connection but a way to know which one is currently used.

My question is about how to get that information from the live socket.

Here's how my client creates sockets:

public static SSLSocket getSSLsocket (String hostFQDN, int port, String ksFullPath, String ksPassword, String pkPassword) {
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        KeyManagerFactory keyMngFactory = KeyManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");

        keyStore.load(new FileInputStream(ksFullPath), ksPassword.toCharArray());
        keyMngFactory.init(keyStore, pkPassword.toCharArray());
        context.init(keyMngFactory.getKeyManagers(), null, null);
        //TODO: We are going to need a truststore definition... Meanwhile: System.setProperty("javax.net.ssl.trustStore", "src/resources/certificates/epp/cacertsuk");
        SSLSocketFactory sslScktFactory = context.getSocketFactory();
        return (SSLSocket) sslScktFactory.createSocket(hostFQDN, port);
    } catch (Exception e) {
        throw new RuntimeException("Could not create SSL socket", e);
    }
}

I am aware of this question: https://stackoverflow.com/questions/10500511/how-to-find-what-ssl-tls-version-is-used-in-java , where the leading answer seems to say I can get the SSLSession from the SSLSocket and then call .getProtocol... But an example on how to do this was not provided and I was unable to find the solution myself

答案1

得分: 1

我的问题是因为在这个类的上面,我正在使用套接字作为通用对象,它可以是纯文本或SSL... 所以,当我尝试执行socket.getSession时,我看不到那个方法...

到目前为止,我正在这样做:

public String getTls () {
    SSLSocket temporaryReference = (SSLSocket) socket;
    SSLSession sslSession = temporaryReference.getSession();
    return sslSession.getProtocol();
}

然后我得到了:

TLSv1.2

现在,我可以做简单的部分 Java sockets:如何知道我的SslSocket当前正在使用哪个版本的TLS?

我意识到这可能不是Stack Overflow 上最有价值的问题,但对于那些想做我想做的事情的人可能有用... 无论如何,现在已经超出了像我这样的凡人来决定这个问题发生了什么。无论如何,谢谢。

英文:

Ah, my problem is because above this class, I am using socket as a generic object, which could be plaintext or SSL... So, when I try to do socket.getSession - I don't see that method...

So far, I am doing:

public String getTls () {
    SSLSocket temporaryReference = (SSLSocket) socket;
    SSLSession sslSession = temporaryReference.getSession();
    return sslSession.getProtocol();
}

And I am getting:

TLSv1.2

Now, I can do the easy part Java sockets:如何知道我的SslSocket当前正在使用哪个版本的TLS?

I realize this may not be the most valuable question on SO but it may be useful for people looking to do what I am looking to do... Anyway it is now beyond such mortals as myself to decide what happens with the question. Thanks anyway.

huangapple
  • 本文由 发表于 2020年8月13日 01:10:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/63381551.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定