Get SSL Version used in HttpsURLConnection - Java

轮回少年 2021-01-05 11:00

I am developing a Java agent to monitor HTTP communications happening in my application server. I would like to know the SSL version (SSLv3, TLS, etc.) used in outgoing HTTPS connec

1 Answer
  •  逝去的感伤
    2021-01-05 11:51

    I used this solution, maybe it can help you:

    First you need an extension class of SSLSocketFactory to attach a HandshakeCompletedListener to the sockets created by the SSLSocketFactory: (inspired by How to override the cipherlist sent to the server by Android when using HttpsURLConnection?)

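    import java.io.IOException;
    import java.net.InetAddress;
    import java.net.Socket;
    import javax.net.ssl.HandshakeCompletedListener;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;

    public class SecureSSLSocketFactory extends SSLSocketFactory {
        private final SSLSocketFactory delegate;
        private final HandshakeCompletedListener handshakeListener;

        public SecureSSLSocketFactory(
                SSLSocketFactory delegate, HandshakeCompletedListener handshakeListener) {
            this.delegate = delegate;
            this.handshakeListener = handshakeListener;
        }

        // Attach the listener to a socket created by the delegate factory.
        private Socket attach(Socket socket) {
            if (null != this.handshakeListener && socket instanceof SSLSocket) {
                ((SSLSocket) socket).addHandshakeCompletedListener(this.handshakeListener);
            }
            return socket;
        }

        @Override
        public Socket createSocket(Socket s, String host, int port, boolean autoClose)
                throws IOException {
            return attach(this.delegate.createSocket(s, host, port, autoClose));
        }

        // The other createSocket methods of SSLSocketFactory follow the same pattern.
        @Override
        public Socket createSocket(String host, int port) throws IOException {
            return attach(this.delegate.createSocket(host, port));
        }

        @Override
        public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
                throws IOException {
            return attach(this.delegate.createSocket(host, port, localHost, localPort));
        }

        @Override
        public Socket createSocket(InetAddress host, int port) throws IOException {
            return attach(this.delegate.createSocket(host, port));
        }

        @Override
        public Socket createSocket(InetAddress address, int port, InetAddress localAddress,
                int localPort) throws IOException {
            return attach(this.delegate.createSocket(address, port, localAddress, localPort));
        }

        @Override
        public String[] getDefaultCipherSuites() {
            // TODO: or your own preferences
            return this.delegate.getDefaultCipherSuites();
        }

        @Override
        public String[] getSupportedCipherSuites() {
            // TODO: or your own preferences
            return this.delegate.getSupportedCipherSuites();
        }
    }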

    Then you need an implementation of the HandshakeCompletedListener interface. You must implement the handshakeCompleted method:

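    import javax.net.ssl.HandshakeCompletedEvent;
    import javax.net.ssl.HandshakeCompletedListener;
    import javax.net.ssl.SSLPeerUnverifiedException;
    import javax.net.ssl.SSLSession;

    public class MyHandshakeCompletedListener implements HandshakeCompletedListener {
        @Override
        public void handshakeCompleted(HandshakeCompletedEvent event) {
            SSLSession session = event.getSession();
            String protocol = session.getProtocol();        // negotiated version, e.g. "TLSv1.2"
            String cipherSuite = session.getCipherSuite();
            String peerName = null;

            try {
                peerName = session.getPeerPrincipal().getName();
            } catch (SSLPeerUnverifiedException e) {
                // peer identity was not verified; peerName stays null
            }
            // record or log protocol, cipherSuite and peerName here
        }
    }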

    In handshakeCompleted you can get the protocol version (maybe TLSv1.2), and by the way also the information on cipher suite etc., that is also accessible via HttpsConnection. You can set the custom SSL socket factory via conn.setSSLSocketFactory before connect:

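    // Imports for the enclosing class:
    import java.io.IOException;
    import java.net.URL;
    import java.security.GeneralSecurityException;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;

    private void setupAndConnect() throws IOException, GeneralSecurityException {
        URL url = new URL("https://host.dom/xyz");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // null arguments select the default key managers, trust managers and SecureRandom
        sslContext.init(/*keyManagers*/null, /*trustManagers*/null, /*new SecureRandom()*/null);    // simple here

        conn.setSSLSocketFactory(new SecureSSLSocketFactory(sslContext.getSocketFactory(), new MyHandshakeCompletedListener()));

        // conn.set... /* set other parameters */
        conn.connect();
    }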

    0 Comments (0)
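For the monitoring agent in the question, the listener is where the negotiated version can be recorded and checked. The following is an added example, not code from the answer above: `TlsAuditListener`, `record` and `counts` are hypothetical names, and the peers in `main` are constructed sample values. It counts each (peer, protocol, cipher suite) combination and warns when a handshake ends on SSLv3, TLSv1 or TLSv1.1.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.LongAdder;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSession;

// Hypothetical audit listener (assumption, not part of the original answer).
public class TlsAuditListener implements HandshakeCompletedListener {
    // Values of SSLSession.getProtocol() that are deprecated (RFC 7568, RFC 8996).
    private static final List<String> DEPRECATED = Arrays.asList("SSLv3", "TLSv1", "TLSv1.1");
    // Concurrent map: the callback may run on a thread other than the one doing I/O.
    private final Map<String, LongAdder> counts = new ConcurrentHashMap<>();

    static boolean isDeprecated(String protocol) {
        return DEPRECATED.contains(protocol);
    }

    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        SSLSession s = event.getSession();
        record(s.getPeerHost() + ":" + s.getPeerPort(), s.getProtocol(), s.getCipherSuite());
    }

    // Kept separate from the JSSE callback so it can be exercised without a network.
    void record(String peer, String protocol, String cipherSuite) {
        String key = peer + " " + protocol + " " + cipherSuite;
        counts.computeIfAbsent(key, k -> new LongAdder()).increment();
        if (isDeprecated(protocol)) {
            System.err.println("WARN deprecated protocol negotiated: " + key);
        }
    }

    Map<String, LongAdder> counts() {
        return counts;
    }

    public static void main(String[] args) {
        TlsAuditListener listener = new TlsAuditListener();
        // Constructed sample values, not captured from real connections.
        listener.record("legacy.example:443", "TLSv1", "TLS_RSA_WITH_AES_128_CBC_SHA");
        listener.record("api.example:443", "TLSv1.3", "TLS_AES_128_GCM_SHA256");
        listener.record("api.example:443", "TLSv1.3", "TLS_AES_128_GCM_SHA256");
        listener.counts().forEach((k, v) -> System.out.println(v.sum() + "x " + k));
    }
}
```

To use it with the answer's factory, pass `new TlsAuditListener()` in place of `new MyHandshakeCompletedListener()`. The callback fires once per handshake, so requests that reuse a kept-alive connection do not produce additional events.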