个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
30
4
将 Conscrypt 与 Apache HttpClient 5 结合使用的推荐方法是什么?
我尝试将 conscrypt-openjdk-uber-2.2.1.jar jar 添加到我的类路径中,并将我的 sslcontext 配置为 SSLContexts.custom( ).setProvider(Conscrypt.newProvider()),但是当我使用 sslcontext 测试 HttpClient 时,它会抛出:
[main] INFO org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec -
Recoverable I/O exception (java.net.NoRouteToHostException) caught when processing request to
{s}->https://www.wikipedia.org:443
如果我删除自定义 setProvider 行,那么它可以完美运行(通过常规 JSSE)。
我注意到 Conscrypt 在这里被列为依赖项:https://hc.apache.org/httpcomponents-client-5.0.x/httpclient5/dependencies.html ,那么也许我需要在某处启用对 Conscrypt 的内置支持?
最佳答案
您实际上不需要做任何事情。 HttpClient 自动检测并配置 Conscrypt 作为 Java 1.7 和 1.8 上的异步 TLS 层的提供者。
对于所有较新的 JRE,可以显式配置连接管理器以使用基于 Conscrypt 的 TLS 策略:
PoolingAsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(ConscryptClientTlsStrategy.getSystemDefault())
.build();
CloseableHttpAsyncClient client = HttpAsyncClients.custom()
.setVersionPolicy(HttpVersionPolicy.NEGOTIATE)
.setConnectionManager(cm)
.build();
已更新
以下代码片段适用于我的 HttpClient 5.0-beta7
final SSLContext sslcontext = SSLContexts.custom()
.setProvider(Conscrypt.newProvider())
.build();
final SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder.create()
.setSslContext(sslcontext)
.build();
final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
.setSSLSocketFactory(sslSocketFactory)
.build();
try (CloseableHttpClient httpclient = HttpClients.custom()
.setConnectionManager(cm)
.build()) {
final HttpGet httpget = new HttpGet("https://www.wikipedia.org/");
System.out.println("Executing request " + httpget.getMethod() + " " + httpget.getUri());
final HttpClientContext clientContext = HttpClientContext.create();
try (CloseableHttpResponse response = httpclient.execute(httpget, clientContext)) {
System.out.println("----------------------------------------");
System.out.println(response.getCode() + " " + response.getReasonPhrase());
final SSLSession sslSession = clientContext.getSSLSession();
if (sslSession != null) {
System.out.println("SSL protocol " + sslSession.getProtocol());
System.out.println("SSL cipher suite " + sslSession.getCipherSuite());
}
}
}
控制台输出:
Executing request GET https://www.wikipedia.org/
2020-02-06 10:33:22,619 DEBUG ex-00000001: preparing request execution
2020-02-06 10:33:22,625 DEBUG Cookie spec selected: strict
2020-02-06 10:33:22,629 DEBUG Auth cache not set in the context
2020-02-06 10:33:22,629 DEBUG ex-00000001: target auth state: UNCHALLENGED
2020-02-06 10:33:22,630 DEBUG ex-00000001: proxy auth state: UNCHALLENGED
2020-02-06 10:33:22,630 DEBUG ex-00000001: acquiring connection with route {s}->https://www.wikipedia.org:443
2020-02-06 10:33:22,630 DEBUG ex-00000001: acquiring endpoint (3 MINUTES)
2020-02-06 10:33:22,632 DEBUG ex-00000001: endpoint lease request (3 MINUTES) [route: {s}->https://www.wikipedia.org:443][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
2020-02-06 10:33:22,636 DEBUG ex-00000001: endpoint leased [route: {s}->https://www.wikipedia.org:443][total available: 0; route allocated: 1 of 5; total allocated: 1 of 25]
2020-02-06 10:33:22,649 DEBUG ex-00000001: acquired ep-00000000
2020-02-06 10:33:22,649 DEBUG ex-00000001: acquired endpoint ep-00000000
2020-02-06 10:33:22,649 DEBUG ex-00000001: opening connection {s}->https://www.wikipedia.org:443
2020-02-06 10:33:22,650 DEBUG ep-00000000: connecting endpoint (3 MINUTES)
2020-02-06 10:33:22,650 DEBUG ep-00000000: connecting endpoint to https://www.wikipedia.org:443 (3 MINUTES)
2020-02-06 10:33:22,654 DEBUG http-outgoing-0: connecting to www.wikipedia.org/91.198.174.192:443
2020-02-06 10:33:22,654 DEBUG Connecting socket to www.wikipedia.org/91.198.174.192:443 with timeout 3 MINUTES
2020-02-06 10:33:22,759 DEBUG Enabled protocols: [TLSv1.2, TLSv1.3]
2020-02-06 10:33:22,759 DEBUG Enabled cipher suites:[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2020-02-06 10:33:22,759 DEBUG Starting handshake
2020-02-06 10:33:23,192 DEBUG Secure session established
2020-02-06 10:33:23,192 DEBUG negotiated protocol: TLSv1.2
2020-02-06 10:33:23,192 DEBUG negotiated cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
2020-02-06 10:33:23,192 DEBUG peer principal: CN=*.wikipedia.org, O="Wikimedia Foundation, Inc.", L=San Francisco, ST=California, C=US
2020-02-06 10:33:23,193 DEBUG peer alternative names: [*.wikipedia.org, *.wikimedia.org, *.wmfusercontent.org, *.wikimediafoundation.org, *.wiktionary.org, *.wikivoyage.org, *.wikiversity.org, *.wikisource.org, *.wikiquote.org, *.wikinews.org, *.wikidata.org, *.wikibooks.org, wikimedia.org, *.mediawiki.org, wikipedia.org, wikiquote.org, mediawiki.org, wmfusercontent.org, w.wiki, wikimediafoundation.org, wikibooks.org, wiktionary.org, wikivoyage.org, wikidata.org, wikiversity.org, wikisource.org, wikinews.org, *.m.wikipedia.org, *.m.wiktionary.org, *.m.wikivoyage.org, *.m.wikiquote.org, *.m.wikiversity.org, *.m.wikisource.org, *.m.wikimedia.org, *.m.wikinews.org, *.m.wikidata.org, *.m.wikibooks.org, *.planet.wikimedia.org, *.m.mediawiki.org]
2020-02-06 10:33:23,193 DEBUG issuer principal: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
2020-02-06 10:33:23,196 DEBUG http-outgoing-0: connection established 192.168.43.143:55022<->91.198.174.192:443
2020-02-06 10:33:23,196 DEBUG ep-00000000: connected http-outgoing-0
2020-02-06 10:33:23,196 DEBUG ep-00000000: endpoint connected
2020-02-06 10:33:23,197 DEBUG ex-00000001: executing GET / HTTP/1.1
2020-02-06 10:33:23,197 DEBUG ep-00000000: start execution ex-00000001
2020-02-06 10:33:23,197 DEBUG ep-00000000: executing exchange ex-00000001 over http-outgoing-0
2020-02-06 10:33:23,198 DEBUG http-outgoing-0 >> GET / HTTP/1.1
2020-02-06 10:33:23,198 DEBUG http-outgoing-0 >> Accept-Encoding: gzip, x-gzip, deflate
2020-02-06 10:33:23,198 DEBUG http-outgoing-0 >> Host: www.wikipedia.org
2020-02-06 10:33:23,198 DEBUG http-outgoing-0 >> Connection: keep-alive
2020-02-06 10:33:23,198 DEBUG http-outgoing-0 >> User-Agent: Apache-HttpClient/5.0-beta8-SNAPSHOT (Java/1.8.0_181)
2020-02-06 10:33:23,402 DEBUG http-outgoing-0 << HTTP/1.1 200 OK
2020-02-06 10:33:23,403 DEBUG http-outgoing-0 << Date: Wed, 05 Feb 2020 20:39:26 GMT
2020-02-06 10:33:23,403 DEBUG http-outgoing-0 << Cache-Control: s-maxage=86400, must-revalidate, max-age=3600
2020-02-06 10:33:23,403 DEBUG http-outgoing-0 << Server: ATS/8.0.5
2020-02-06 10:33:23,404 DEBUG http-outgoing-0 << X-ATS-Timestamp: 1580935166
2020-02-06 10:33:23,404 DEBUG http-outgoing-0 << ETag: W/"12be8-59c0633ed3519"
2020-02-06 10:33:23,404 DEBUG http-outgoing-0 << Content-Type: text/html
2020-02-06 10:33:23,404 DEBUG http-outgoing-0 << Last-Modified: Mon, 13 Jan 2020 14:22:18 GMT
2020-02-06 10:33:23,405 DEBUG http-outgoing-0 << Backend-Timing: D=320 t=1579084179579408
2020-02-06 10:33:23,405 DEBUG http-outgoing-0 << Content-Encoding: gzip
2020-02-06 10:33:23,405 DEBUG http-outgoing-0 << Vary: Accept-Encoding
2020-02-06 10:33:23,405 DEBUG http-outgoing-0 << X-Varnish: 118503554 495852195
2020-02-06 10:33:23,406 DEBUG http-outgoing-0 << Age: 46437
2020-02-06 10:33:23,406 DEBUG http-outgoing-0 << X-Cache: cp3062 miss, cp3052 hit/600912
2020-02-06 10:33:23,406 DEBUG http-outgoing-0 << X-Cache-Status: hit-front
2020-02-06 10:33:23,407 DEBUG http-outgoing-0 << Server-Timing: cache;desc="hit-front"
2020-02-06 10:33:23,407 DEBUG http-outgoing-0 << Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
2020-02-06 10:33:23,407 DEBUG http-outgoing-0 << Set-Cookie: WMF-Last-Access=06-Feb-2020;Path=/;HttpOnly;secure;Expires=Mon, 09 Mar 2020 00:00:00 GMT
2020-02-06 10:33:23,407 DEBUG http-outgoing-0 << Set-Cookie: WMF-Last-Access-Global=06-Feb-2020;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Mon, 09 Mar 2020 00:00:00 GMT
2020-02-06 10:33:23,408 DEBUG http-outgoing-0 << X-Client-IP: 213.55.225.99
2020-02-06 10:33:23,418 DEBUG http-outgoing-0 << Set-Cookie: GeoIP=CH:ZH:Zurich:47.37:8.55:v4; Path=/; secure; Domain=.wikipedia.org
2020-02-06 10:33:23,418 DEBUG http-outgoing-0 << Accept-Ranges: bytes
2020-02-06 10:33:23,418 DEBUG http-outgoing-0 << Content-Length: 18800
2020-02-06 10:33:23,419 DEBUG http-outgoing-0 << Connection: keep-alive
2020-02-06 10:33:23,429 DEBUG ex-00000001: connection can be kept alive for -1 MILLISECONDS
2020-02-06 10:33:23,437 DEBUG Cookie accepted [WMF-Last-Access="06-Feb-2020", domain:www.wikipedia.org, path:/, expiry:Mon Mar 09 01:00:00 CET 2020]
2020-02-06 10:33:23,438 DEBUG Cookie accepted [WMF-Last-Access-Global="06-Feb-2020", domain:wikipedia.org, path:/, expiry:Mon Mar 09 01:00:00 CET 2020]
2020-02-06 10:33:23,438 DEBUG Cookie accepted [GeoIP="CH:ZH:Zurich:47.37:8.55:v4", domain:wikipedia.org, path:/, expiry:null]
----------------------------------------
200 OK
SSL protocol TLSv1.2
SSL cipher suite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
2020-02-06 10:33:23,467 DEBUG http-outgoing-0: close connection GRACEFUL
2020-02-06 10:33:23,468 DEBUG ep-00000000: endpoint closed
2020-02-06 10:33:23,468 DEBUG ep-00000000: endpoint closed
2020-02-06 10:33:23,468 DEBUG ep-00000000: discarding endpoint
2020-02-06 10:33:23,468 DEBUG ep-00000000: releasing endpoint
2020-02-06 10:33:23,469 DEBUG ep-00000000: connection released [route: {s}->https://www.wikipedia.org:443][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
2020-02-06 10:33:23,469 DEBUG Shutdown connection pool GRACEFUL
2020-02-06 10:33:23,469 DEBUG Connection pool shut down
关于java - 如何将 Conscrypt 与 Apache HttpClient 5 结合使用来加速 TLS,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60077785/
30
4
0
/Volumes/SSD/.gradle/caches/modules-2/files-2.1/com.squareup.okhttp3/okhttp/3.10.0/7ef0f1d95bf4c0b3b
当我根据 Micronaut documentation 将我的应用程序打包为 native 镜像时,使用 Java 11.0.9 (GraalVM CE 20.3.0) 和 Micronaut 2.
Conscrypt 库 ( https://github.com/google/conscrypt ) 是否适用于 Java 11?我知道它支持 JDK 8 和 9,但是有人用 JDK 11 试过吗?
在 android 中,如果我得到 (SSLSocketFactory) SSLSocketFactory.getDefault()我得到了这个类的内部套接字工厂com.android.org.con
我一直在寻找如何使用 conscrypt-openjdk-uber-1.4.1.jar 为 jdk8 实现 Conscrypt SSL 提供程序以支持 ALPN 用于建立到服务器的http2(使用 a
我正在开始使用 ECC 加密技术开发 Android 应用程序。我已经看到 Android 嵌入了一些密码学(在此处定义 https://developer.android.com/guide/top
将 Conscrypt 与 Apache HttpClient 5 结合使用的推荐方法是什么? 我尝试将 conscrypt-openjdk-uber-2.2.1.jar jar 添加到我的类路径中,
目前我正在做一个学校项目。该项目的目标是从服务器接收数据并将数据写入服务器。为此,我使用套接字和服务器套接字。为了加密消息,我使用 Apache Commons Codec 1.9。 (服务器是在Ub
我一直在围绕okhttp3进行测试以发出http2请求,我的标准是使用jdk8本身实现http2连接。我知道这可以通过升级到 jdk 9 或使用 conscrypt 作为默认提供程序轻松实现, Sec
CertificateFactory cf = CertificateFactory.getInstance("X.509"); AssetManager assetManager =
我正在使用 Apache HttpClient 5连同 Conscrypt通过 SSL 同时执行 HTTP 2.0 请求,如下所示: final SSLContext sslContext;
在应用发布之前,我在 Google Play 中出现以下错误。这不是警告,而是错误。我可以看到带有类似堆栈跟踪的警告。我不确定该应用程序是否会因此而被拒绝,因为发布前报告的摘要令人困惑。它说没有问题。
您使用的是什么版本的 gRPC? 1.13.1 我正在使用 java 8 构建可执行 jar。下面是java版本: $ /usr/lib/jvm/java-1.8.0-openjdk-amd64/jr
大家好,我在 api 调用上遇到了我的改造代码的问题,我在下面发布了堆栈跟踪,请看一下: Accessing hidden method Lcom/android/org/conscrypt/
我正在尝试使用谷歌自然语言处理 api。我使用 Maven 添加库并添加 GOOGLE_APPLICATION_CREDENTIALS作为环境变量,它具有包含我的服务帐户 key 的 JSON 文件的
在 api 级别 24 之前,我的代码工作正常,但它在 api 级别 24 ( 7.0 Nougat) 上给我错误。我不知道我的代码出了什么问题。 第一种方法在这里:
使用 GGoogle Text to Speech API 时出现以下异常, java.lang.IllegalStateException: Could not find TLS ALPN prov
我是一名优秀的程序员,十分优秀!