复制一个在Java中的PHP POST请求

huangapple go评论191阅读模式
英文:

Replicating a PHP POST request in Java

问题

我有一个正常运行的PHP脚本,它向一个旧服务器(我无法访问)发出POST请求。我需要在Java/Spring中编写一个REST API,用于处理与这个旧服务器的所有通信。然而,我一直在收到以下异常:

> SSLHandshakeException: DH ServerKeyExchange不符合算法约束

我猜想服务器的安全级别太低了(我无法更改)。PHP脚本设置了一个SSL密码列表,我不知道如何在Java中复制这个设置。因此,问题是,如何降低我Java应用程序的安全级别,以便它可以与服务器通信?

PHP代码:

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json; charset=utf8'));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,4);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "AES128-SHA");
$response = curl_exec($ch);
echo $response;

我编写的Java代码:

CloseableHttpClient client = HttpClients.createDefault();
    
HttpPost httpPost = new HttpPost(url);
httpPost.setEntity(new StringEntity(json));

CloseableHttpResponse response = client.execute(httpPost); //此处发生SSLHandshakeException
    
String result = getResultStringFromResponse(response);
    
client.close();
return result;

我对POST请求的经验非常有限,并且已经花了几天时间解决这个问题,但没有任何进展。非常感谢任何指导/提示!

英文:

I have this working PHP script that makes a POST request to an old server (which i don't have access to). I need to write a REST api in Java/Spring that handles all communication with this old server. I do, however, keep getting the following exception:

> SSLHandshakeException: DH ServerKeyExchange does not comply to algorithm constraints

My guess is that the server has too low a security level (which i can't change). The PHP script sets a SSL cipher list, which i don't know how to replicate in Java. And hence the question is, how do i lower the security level of my Java application such that it can communicate with the server?

The php code:

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json; charset=utf8'));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,4);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "AES128-SHA");
$response = curl_exec($ch);
echo $response;

The Java code i wrote:

CloseableHttpClient client = HttpClients.createDefault();
    
HttpPost httpPost = new HttpPost(url);
httpPost.setEntity(new StringEntity(json));

CloseableHttpResponse response = client.execute(httpPost); //Here SSLHandshakeException occurs
    
String result = getResultStringFromResponse(response);
    
client.close();
return result;

I have very limited experience with POST requests in general and have been working on this problem for several days without any progress. Any guidance/tips will be much appreciated!

答案1

得分: 0

UPDATE:

我成功解决了这个问题,方法是移除了Java对于HTTP请求所需的密钥约束。

这是通过前往我的JDK文件夹并在文件/conf/security/java.security中移除"DH keySize < 1024"来完成的。这个变更使得Java接受服务器的低安全级别。如果有人知道如何在运行时(仅对特定的POST请求)实现这一点,那将是一个更好的解决方案。

英文:

UPDATE:

I managed to solve this issue by removing the key constraint that java requires for http requests.

This was done by going to my jdk folder and removing "DH keySize < 1024" in the file /conf/security/java.security. That change made java accept low security level of the server. If anybody knows how to do it at runtime instead (such that is only for that specific POST request) that would be a much better solution.

huangapple
  • 本文由 发表于 2020年8月27日 14:46:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/63610546.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定