问题
A third party our application is integrate with has recently made changes in their security level protocols. In short, My Axis client should now send calls using TLSv1.1 or TLSv1.2. I have seen other posts regarding this, with some good ideas:
- here
- here.
After making those changes in code, I have triggered the calls again, I have used a snipping tool to monitor the sent package, and I still see in the SSL layer that the protocol being used is TLSv1.
the packet snippet
what am I doing wrong here?
this is how I set my new SocketSecureFactory:
AxisProperties.setProperty("axis.socketSecureFactory", MyTLSSocketSecureFactory.class.getName());
whereas MyTLSSocketSecureFactory is:
public class MyTLSSocketSecureFactory extends JSSESocketFactory {
public MyTLSSocketSecureFactory(Hashtable attributes) {
super(attributes);
}
@Override
public Socket create(String host,int port, StringBuffer otherHeaders,BooleanHolder useFullURL)
throws Exception{
Socket s = super.create(host, port, otherHeaders, useFullURL);
((SSLSocket)s).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
return s;
}
}
would really appreciate any comments, thanks.
回答1:
In your MyTLSSocketSecureFactory class, you need create your own SSLContext instance and then get the sslFactory from the context.
Override the initFactory() method, and somethings like:
initFactory() {
SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, null);
sslFactory = context.getSocketFactory();
}
回答2:
You can also just change the default SSLContext
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, null, null);
SSLContext.setDefault(sslContext);
回答3:
See also https://github.com/unkascrack/axis-ssl they introduce a SSLClientAxisEngineConfig EngineConfiguration implementation to enable TLS.
来源:https://stackoverflow.com/questions/34180289/how-to-enforce-an-axis-client-to-use-tlsv1-2-protocol