问题
The normal way to get an SSLSocketFactory would be to initialize a new SSLContext with a TrustManager, KeyManager and SecureRandom and use the getSocketFactory() method. However, this does not allow me to enable the required cipher suites or protocols.
The only configuration that HttpsURLConnection permits that would allow such a change is by setting its default SSLSocketFactory. I can create a class that extends SSLSocketFactory and override the getDefaultCipherSuites() method and wrap the sockets created by createSocket() to have the required ciphers and protocols set. However, this method does not allow me to initialize a TrustManager for the connection?
Is there a method I can do both - set cipher suites and protocols and initialize a trust manager?
回答1:
Take the SSLSocketFactory obtained by SSLContext.getSocketFactory() and wrap it in a custom subclass of SSLSocketFactory, which delegates to the one obtained from SSLContext, but in createSocket() also sets the required cipher.
回答2:
See the JSSE Reference Guide. You can set the cipher suites via system properties.
来源:https://stackoverflow.com/questions/17555006/how-to-set-the-list-of-ciphers-and-protocols-to-be-used-for-sockets-created-by-u