jdk1.6 支持 tls1.2协议过程中，遇到不信任证书问题。

wjy0703 2018-10-08 03:42:03

事件：
因为调用的接口要升级到 tls1.2协议，但是我的项目环境是JDK1.6，功能多，代码乱不敢升级到JDK1.8.

根据网上查到的jdk1.6 支持 tls1.2协议的方法，新建TLSSocketConnectionFactory类并继承SSLSocketFactory。
同时在 httpsurlconnection.setSSLSocketFactory(new TLSSocketConnectionFactory());
但是运行后报java.io.IOException: Internal TLS error, this could be an attack。

如果使用自己实现的X509TrustManager来信任所有证书，则只能用SSLContext，
httpsurlconnection.setSSLSocketFactory(sslcontext.getSocketFactory())；而且不报错，接口正常调用。
调用的接口是http，不是https。

是否跟对方的测试接口没有升级到tls1.2协议有关。

TLSSocketConnectionFactory代码与下帖完全一致。
https://blog.csdn.net/g5zhu5896/article/details/80429686#commentBox

有知道的大神指点一下。

...全文

3838 5 打赏收藏转发到动态举报

写回复

用AI写文章

5 条回复

切换为时间正序

请发表友善的回复…

发表回复

yin564263853 2020-08-07

打赏
举报

你好，我现在也碰到这个问题了，请问你是怎么解决的

stacksoverflow 2019-03-27

打赏
举报

引用 5 楼 monster9547 的回复:

[quote=引用 4 楼 stacksoverflow 的回复:] 升级jdk吧，别折腾了。参考 https://stackoverflow.com/questions/33517476/tls-1-2-java-1-6-bouncycastle 摘要 90% of the time this works fine! But there are some cases in which we get an annoying error: "Internal TLS error, this could be an attack" . It has been checked that there is no attack. That's a common error based on the treatment of internal BouncyCastle exceptions. I'm trying to find a common pattern to those remote host that fails with little luck.

系统不方便升级jdk啊，蛋疼[/quote]

引用 5 楼 monster9547 的回复:

[quote=引用 4 楼 stacksoverflow 的回复:] 升级jdk吧，别折腾了。参考 https://stackoverflow.com/questions/33517476/tls-1-2-java-1-6-bouncycastle 摘要 90% of the time this works fine! But there are some cases in which we get an annoying error: "Internal TLS error, this could be an attack" . It has been checked that there is no attack. That's a common error based on the treatment of internal BouncyCastle exceptions. I'm trying to find a common pattern to those remote host that fails with little luck.

系统不方便升级jdk啊，蛋疼[/quote] 貌似jdk1.6.0_121-b09支持tls1.2 参考 https://www.oracle.com/technetwork/java/javase/overview-156328.html#R160_121

monster9547 2019-03-27

打赏
举报

引用 4 楼 stacksoverflow 的回复:

升级jdk吧，别折腾了。
参考
https://stackoverflow.com/questions/33517476/tls-1-2-java-1-6-bouncycastle

摘要
90% of the time this works fine! But there are some cases in which we get an annoying error: "Internal TLS error, this could be an attack" . It has been checked that there is no attack. That's a common error based on the treatment of internal BouncyCastle exceptions. I'm trying to find a common pattern to those remote host that fails with little luck.

系统不方便升级jdk啊，蛋疼

monster9547 2019-03-27

打赏
举报

引用 6 楼 stacksoverflow 的回复:

[quote=引用 5 楼 monster9547 的回复:]
[quote=引用 4 楼 stacksoverflow 的回复:]
升级jdk吧，别折腾了。
参考
https://stackoverflow.com/questions/33517476/tls-1-2-java-1-6-bouncycastle

摘要
90% of the time this works fine! But there are some cases in which we get an annoying error: "Internal TLS error, this could be an attack" . It has been checked that there is no attack. That's a common error based on the treatment of internal BouncyCastle exceptions. I'm trying to find a common pattern to those remote host that fails with little luck.

系统不方便升级jdk啊，蛋疼[/quote]

引用 5 楼 monster9547 的回复:

[quote=引用 4 楼 stacksoverflow 的回复:]
升级jdk吧，别折腾了。
参考
https://stackoverflow.com/questions/33517476/tls-1-2-java-1-6-bouncycastle

摘要
90% of the time this works fine! But there are some cases in which we get an annoying error: "Internal TLS error, this could be an attack" . It has been checked that there is no attack. That's a common error based on the treatment of internal BouncyCastle exceptions. I'm trying to find a common pattern to those remote host that fails with little luck.

系统不方便升级jdk啊，蛋疼[/quote]

貌似jdk1.6.0_121-b09支持tls1.2
参考
https://www.oracle.com/technetwork/java/javase/overview-156328.html#R160_121[/quote]
感谢大神，但是官网好像没有下载地址啊，最高的才1.6.0_45

stacksoverflow 2019-03-26

打赏
举报

升级jdk吧，别折腾了。参考 https://stackoverflow.com/questions/33517476/tls-1-2-java-1-6-bouncycastle 摘要 90% of the time this works fine! But there are some cases in which we get an annoying error: "Internal TLS error, this could be an attack" . It has been checked that there is no attack. That's a common error based on the treatment of internal BouncyCastle exceptions. I'm trying to find a common pattern to those remote host that fails with little luck.