问题
I am developing a java agent to monitor http communications happening in my application server. I like to know the SSL version(SSLv3, TLS, etc) used in outgoing Https connections. Is there a way to get the SSL version by any means?
回答1:
I used this solution, maybe it can help you:
First you need an extension class of SSLSocketFactory to attach a HandshakeCompletedListener to the sockets created by the SSLSocketFactory:
(inspired by How to override the cipherlist sent to the server by Android when using HttpsURLConnection?)
public class SecureSSLSocketFactory extends SSLSocketFactory {
private final SSLSocketFactory delegate;
private HandshakeCompletedListener handshakeListener;
public SecureSSLSocketFactory(
SSLSocketFactory delegate, HandshakeCompletedListener handshakeListener) {
this.delegate = delegate;
this.handshakeListener = handshakeListener;
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
throws IOException {
SSLSocket socket = (SSLSocket) this.delegate.createSocket(s, host, port, autoClose);
if (null != this.handshakeListener) {
socket.addHandshakeCompletedListener(this.handshakeListener);
}
return socket;
}
// and so on for all the other createSocket methods of SSLSocketFactory.
@Override
public String[] getDefaultCipherSuites() {
// TODO: or your own preferences
return this.delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
// TODO: or your own preferences
return this.delegate.getSupportedCipherSuites();
}
Then you need an implementation of the HandshakeCompletedListener interface. You must implement the handshakeCompleted method:
public class MyHandshakeCompletedListener implements HandshakeCompletedListener {
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
SSLSession session = event.getSession();
String protocol = session.getProtocol();
String cipherSuite = session.getCipherSuite();
String peerName = null;
try {
peerName = session.getPeerPrincipal().getName();
} catch (SSLPeerUnverifiedException e) {
}
}
In handshakeCompleted you can get the protocol version (maybe TLSv1.2), and by the way also the information on cipher suite etc., that is also accessible via HttpsConnection.
You can set the custom SSL socket factory via conn.setSSLSocketFactory before connect:
private void setupAndConnect() {
URL url = new URL("https://host.dom/xyz");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(/*keyManagers*/null, /*trustManagers*/null, /*new SecureRandom()*/null); // simple here
conn.setSSLSocketFactory(new SecureSSLSocketFactory(sslContext.getSocketFactory(), new MyHandshakeCompletedListener()));
// conn.set... /* set other parameters */
conn.connect();
来源:https://stackoverflow.com/questions/27075678/get-ssl-version-used-in-httpsurlconnection-java