文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >在Apache http5客户端上设置SSL参数

在Apache http5客户端上设置SSL参数
EN

Stack Overflow用户
提问于 2022-03-06 23:16:35
回答 1查看 153关注 0票数 0

为了获得http2 2/HTTP1.1的支持,我将从4升级到版本5。我需要指定我的客户提供的密码。我假设H2/1.1ALPN是AsyncHttpClient的默认行为。

下面是httpcomponents 4客户端的当前代码

代码语言:javascript
复制
    // TLS
    SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
            SSLContexts.createDefault(),
            new String[] { "TLSv1.2" },
            new String[] {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                    "TLS_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
                    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256",
                    "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA",
                    "TLS_RSA_WITH_AES_256_CBC_SHA"},
            SSLConnectionSocketFactory.getDefaultHostnameVerifier());

    // Proxy
    HttpHost proxyhost = new HttpHost(proxyAddress, proxyPort);
    HttpRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxyhost);
    CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(
            new AuthScope(proxyAddress, proxyPort),
            new UsernamePasswordCredentials(proxyUsername, proxyPassword)
    );

    httpClient = HttpClients.custom()
            .setRoutePlanner(routePlanner)
            .setSSLSocketFactory(sslConnectionFactory)
            .setDefaultCredentialsProvider(credentialsProvider)
            .setRedirectStrategy(new LaxRedirectStrategy())
            .setDefaultCookieStore(cookieStore)
            .build();

除了指定SSL工厂之外,在创建asyc客户端时,一切似乎都大致相同。因此,设置TLS参数似乎采取了不同的路线。我花了大约一个小时寻找例子和文档,没有任何运气。一些例子显示了一个名为TLSConfig的类,但是我找不到它的任何文档。

任何帮助都是非常感谢的。

apache-httpcomponents
asynchttpclient
tls1.2
http2
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2022-03-07 08:34:55

您需要按照项目网站1上的“自定义SSL上下文”示例中所示的方式构建一个自定义TlsStrategy

TLSConfig将在5.2版上发布,该版本将很快进入测试版。

代码语言:javascript
复制
final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
    .setTlsVersions(TLS.V_1_2)
    .setCiphers("TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
            "TLS_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA")
    .build();

final PoolingAsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
    .setTlsStrategy(tlsStrategy)
    .build();
try (final CloseableHttpAsyncClient client = HttpAsyncClients.custom()
    .setConnectionManager(cm)
    .build()) {

client.start();

final HttpHost target = new HttpHost("https", "httpbin.org");
final HttpClientContext clientContext = HttpClientContext.create();

final SimpleHttpRequest request = SimpleRequestBuilder.get()
        .setHttpHost(target)
        .setPath("/")
        .build();

System.out.println("Executing request " + request);
final Future<SimpleHttpResponse> future = client.execute(
        SimpleRequestProducer.create(request),
        SimpleResponseConsumer.create(),
        clientContext,
        new FutureCallback<SimpleHttpResponse>() {

            @Override
            public void completed(final SimpleHttpResponse response) {
                System.out.println(request + "->" + new StatusLine(response));
                final SSLSession sslSession = clientContext.getSSLSession();
                if (sslSession != null) {
                    System.out.println("SSL protocol " + sslSession.getProtocol());
                    System.out.println("SSL cipher suite " + sslSession.getCipherSuite());
                }
                System.out.println(response.getBody());
            }

            @Override
            public void failed(final Exception ex) {
                System.out.println(request + "->" + ex);
            }

            @Override
            public void cancelled() {
                System.out.println(request + " cancelled");
            }

        });
future.get();

System.out.println("Shutting down");
client.close(CloseMode.GRACEFUL);

1

票数 1
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/71374949

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档