我正在使用不支持tlsv1.2的java 1.6.0_111,但我的服务器只接受tlsv1.2,所以我尝试使用bouncycastle提供程序,但它仍然无法正常工作,它抛出连接重置错误。 即使我将连接超时增加到 30000,它仍然在 conn.getOutput Stream 上出现错误。
下面是我的代码:
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
Security.insertProviderAt(new BouncyCastleProvider(), 1);
Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
SSLContext sslContext = SSLContext.getInstance("TLSv1.2", new BouncyCastleJsseProvider());
log("The Supported Protocols are::"+Arrays.asList(protocols));
/*sslContext.init(null, tmf.getTrustManagers(), null);
SSLContext.setDefault(sslContext);;*/
String https_url ="myprodurl";
String json = mattArray.toString().trim();
URL url = new URL(https_url);
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
log("after opening connection");
conn.setConnectTimeout(30000);
log("step1");
conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestMethod("POST");
log("step2");
OutputStream os = conn.getOutputStream();
log("step3");
os.write(json.getBytes("UTF-8"));
log("step4");
os.close();
log("after closing outputstream");
InputStream in = new BufferedInputStream(conn.getInputStream());
String response = IOUtils.toString(in, "UTF-8");
log("Result after Reading JSON Responsenn");
log(response);
我得到的错误:
2020-02-04 21:00:42,386 [system] [DEBUG] test - ERROR2 :java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.ibm.jsse2.a.a(a.java:148)
at com.ibm.jsse2.a.a(a.java:96)
at com.ibm.jsse2.tc.a(tc.java:302)
at com.ibm.jsse2.tc.g(tc.java:208)
at com.ibm.jsse2.tc.a(tc.java:482)
at com.ibm.jsse2.tc.startHandshake(tc.java:597)
at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:44)
at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:36)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:66)
我无法测试 IBM j6,但是对于与 TLS1.0 有相同限制的Sun/Oraclej6(6u45,最后一个免费版本(,您设置提供程序列表的方法对我有用,因为我没有其他代码更改默认值,因此显式设置 SSLContext 默认值、HttpsURLConnection 默认值或连接实例,正如我所说。如果服务器想要使用 ECC,后三个确实需要在提供程序列表中使用 bcprov,就像今天的许多服务器一样,因为 Sun j6 没有 ECC 提供程序;我不确定IBM j6。对于我的测试服务器,我可以使用我的默认信任库(因为我之前已经设置了默认信任库来处理我的测试服务器(;这可能因您而异。OTOH 我必须使用明确的非默认随机源,否则我会收到神秘的错误。
我对这四种方法的测试代码(可以选择在后三种方法中包含 bcprov(是:
static void SO60068561BouncyTLS (String[] args) throws Exception {
String url = args[0];
int n = Integer.parseInt (args[1]);
Provider p1 = (Provider)Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance();
Provider p2 = (Provider)Class.forName("org.bouncycastle.jsse.provider.BouncyCastleJsseProvider").newInstance();
SSLContext ctx = null;
if( n == 1 ){ Security.insertProviderAt(p1, 1); Security.insertProviderAt(p2, 2); }
else{ ctx = SSLContext.getInstance("TLSv1.2", p2); ctx.init(null, null, new SecureRandom()); }
if( n < 0 ){ Security.addProvider(p1); n = -n; }
if( n == 2 ) SSLContext.setDefault (ctx);
else if( n == 3 ) HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
if( n == 4 ) conn.setSSLSocketFactory(ctx.getSocketFactory());
conn.connect();
System.out.println (conn.getCipherSuite()+" "+conn.getResponseCode());
}