How to get a simple Java client in eclipse to connect to a server using TLS1.2 protocol

I have tried several of the usual methods of accessing a rest service using httpclient, urlconnection, etc., to no avail.

I have read countless Stack Overflow articles on how to do this, nothing works in my eclipse mobilefirst/RSA environment. I am running jdk 1.7 with mobilefirst 7.1.1 And RSA 9.1.1.

From what I have read, you have to set the SSLContext to talk to a tls1.2 server...As the same code works fine on other servers. There is only one way I have seen that allows you to set the SSLContext and that is with ClientHTTPBuilder.

So here are a couple of examples:

This example works for this URL...But not the one using tls1.2

URL url = new URL("https://wikipedia.org");
        URLConnection urlConnection = url.openConnection();
        InputStream in = urlConnection.getInputStream();
        str = getStringByBufferedReader(in);

Second example:

SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, null, null);
HttpClientBuilder clientBuilder = HttpClientBuilder.create().setSslcontext(context);
HttpGet request = new HttpGet(baseURL);
request.addHeader("Authorization", basicAuthorization);
request.addHeader("Accept", "text/plain");
CloseableHttpClient httpClient = clientBuilder.build();
CloseableHttpResponse httpResponse = httpClient.execute(request);

Both connection types get the following error:

Exception in Test method = javax.net.ssl.SSLException: Received fatal alert: protocol_version

I have imported the certificate as well. I have also tried jdk 1.8 to no avail.

TLS in JRE7 resolves to TLSv1. Explicitly set protocol to TLSv1.2:

SSLContext context = SSLContext.getInstance("TLSv1.2");

Otherwise your example with HttpClientBuilder is OK.

EDIT:

If you want to disable host name check (it is bad idea in production system):

With Apache httpclient < 4.3:

package hello;

import java.net.URI;

import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;


public class client {

    public static void main(String args[]) throws Exception {

//      System.setProperty("javax.net.debug", "ssl:handshake:verbose");

        SSLSocketFactory socketFactory = null ;

        // Set benevolent host name verifier            
        socketFactory = new SSLSocketFactory( "TLS" , null /* Keystore*/ , 
                null /* keystore passwd */ ,null /* trusts store */ , null , 
                SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER ) ;

        Scheme sch = new Scheme("https", 443, socketFactory);
        DefaultHttpClient httpClient = new DefaultHttpClient() ;        
        httpClient.getConnectionManager().getSchemeRegistry().register(sch);        

        HttpGet request = new HttpGet(new URI("https://www.wikipedia.org/"));
//        request.addHeader("Authorization", basicAuthorization);
//        request.addHeader("Accept", "text/plain");
        CloseableHttpResponse httpResponse = httpClient.execute(request);
        System.out.println(httpResponse.getStatusLine());

        httpClient.close(); 
    }
}

With Apache httpclient >= 4.3:

package hello;

import java.net.URI;
import java.util.Arrays;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;

import sun.security.ssl.SSLSocketFactoryImpl;

public class client {

    public static void main(String args[]) throws Exception {

//      System.setProperty("javax.net.debug", "ssl:handshake:verbose");

        SSLContext context = SSLContext.getInstance("TLSv1.2");
        context.init(null, null, null);

        SSLConnectionSocketFactory sslCF = new SSLConnectionSocketFactory(context, new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                // or add your own test here
                return true;
            }
        });

        CloseableHttpClient httpClient = HttpClientBuilder
                .create()
                .setSSLSocketFactory(sslCF)
                .build();

        HttpGet request = new HttpGet(new URI("https://www.wikipedia.org/"));
//        request.addHeader("Authorization", basicAuthorization);
//        request.addHeader("Accept", "text/plain");
        CloseableHttpResponse httpResponse = httpClient.execute(request);
        System.out.println(httpResponse.getStatusLine());           
    }
}

I was able to fix it with one line in main class:

 System.setProperty("https.protocols", "SSLv3,TLSv1,TLSv1.1,TLSv1.2");

来源：https://stackoverflow.com/questions/34618561/how-to-get-a-simple-java-client-in-eclipse-to-connect-to-a-server-using-tls1-2-p

标签

tls1.2