TLS1.3 및 TLS_AES_128_GCM_SHA256 암호가 있는 Java SSLSocket 예제

게시 됨: 2020-07-18
TLS1.3 및 TLS_AES_128_GCM_SHA256 암호 자습서가 있는 Java SSLSocket

TLS1.3 HTTP 요청을 도메인에 보내고 응답을 인쇄하는 방법은 무엇입니까?

SSLSocket 클래스는 Socket 을 확장하고 "SSL(Secure Sockets Layer)" 또는 IETF "Transport Layer Security"(TLS) 프로토콜과 같은 프로토콜을 사용하여 보안 소켓을 제공합니다.

이 자습서에서는 프로토콜 TLS1.3 및 암호 TLS_AES_128_GCM_SHA256 을 설정합니다.

시작하자:

  • CrunchifySSLTLS13Tutorial.java 파일 생성
  • 프로토콜 설정: TLS1.3
  • 암호 설정: TLS_AES_128_GCM_SHA256
  • crunchify.com에 HTTP 1.0 호출하기
  • google.com에 HTTP 1.0 호출하기
  • 인쇄 응답
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package crunchify . com . tutorials ;
 
import javax . net . ssl . SSLSocket ;
import javax . net . ssl . SSLSocketFactory ;
import java . io . * ;
 
/**
* @author Crunchify.com
* version: 1.0
* Tutorial: Java SSLSocket with TLS1.3 and TLS_AES_128_GCM_SHA256 Cipher Tutorial
*/
 
public class CrunchifySSLTLS13Tutorial {
 
     // TLS1.3: There are new ciphersuites that only work in TLSv1.3. The old ciphersuites cannot be used for TLSv1.3 connections and the new ones cannot be used in TLSv1.2 and below.
     //The new ciphersuites are defined differently and do not specify the certificate type (e.g. RSA, DSA, ECDSA) or the key exchange mechanism (e.g. DHE or ECHDE). This has implications for ciphersuite configuration.
     private static final String [ ] crunchifyProtocols = new String [ ] { "TLSv1.3" } ;
 
     // TLS_AES_128_GCM_SHA256 Encryption: Advanced Encryption Standard with 128bit key in Galois/Counter mode (AES 128 GCM)
     // Hash: Secure Hash Algorithm 256 (SHA256)
     // RFC 8446
     private static final String [ ] crunchifyCipher = new String [ ] { "TLS_AES_256_GCM_SHA384" } ;
 
     public static void main ( String [ ] args ) throws Exception {
 
         // This class extends Sockets and provides secure socket using protocols such as the "Secure Sockets Layer" (SSL) or IETF "Transport Layer Security" (TLS) protocols.
         SSLSocket crunchifySocket = null ;
         PrintWriter crunchifyPrintWriter = null ;
         BufferedReader crunchifyBufferReader = null ;
 
         try {
             // initialize SSL Socket Factory
             SSLSocketFactory crunchifyFactory = ( SSLSocketFactory ) SSLSocketFactory . getDefault ( ) ;
 
             crunchifySocket = ( SSLSocket ) crunchifyFactory . createSocket ( "google.com" , 443 ) ;
 
             // Enable protocol : TLS 1.3
             crunchifySocket . setEnabledProtocols ( crunchifyProtocols ) ;
 
             // Enable Cipher: TLS_AES_128_GCM_SHA256
             crunchifySocket . setEnabledCipherSuites ( crunchifyCipher ) ;
 
             // Start Handshake
             crunchifySocket . startHandshake ( ) ;
 
             // Creates a new PrintWriter, without automatic line flushing.
             crunchifyPrintWriter = new PrintWriter ( new BufferedWriter ( new OutputStreamWriter ( crunchifySocket . getOutputStream ( ) ) ) ) ;
 
             crunchifyPrintWriter . println ( "GET / HTTP/1.0" ) ;
             crunchifyPrintWriter . println ( ) ;
             crunchifyPrintWriter . flush ( ) ;
 
             if ( crunchifyPrintWriter . checkError ( ) )
                 System . out . println ( "SSLSocketClient Error:  java.io.PrintWriter error" ) ;
 
             // Let's get response
             crunchifyBufferReader = new BufferedReader ( new InputStreamReader ( crunchifySocket . getInputStream ( ) ) ) ;
 
             String crunchifyStringLine ;
             while ( ( crunchifyStringLine = crunchifyBufferReader . readLine ( ) ) ! = null )
                 crunchifyLog ( crunchifyStringLine ) ;
 
         } catch ( Exception e ) {
             e . printStackTrace ( ) ;
         } finally {
             // Close Socket
             if ( crunchifySocket ! = null )
                 crunchifySocket . close ( ) ;
 
             // Close PrintWriter
             if ( crunchifyPrintWriter ! = null )
                 crunchifyPrintWriter . close ( ) ;
 
             // Close Buffer Reader
             if ( crunchifyBufferReader ! = null )
                 crunchifyBufferReader . close ( ) ;
         }
     }
 
     private static void crunchifyLog ( String crunchifyStringLine ) {
 
         System . out . println ( crunchifyStringLine ) ;
     }
 
}

다음은 정의된 TLS1.3 프로토콜입니다.

  • TLS_AES_128_CCM_8_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256

결과:

Crunchify에서는 TLS1.3 enabled 되어 있으므로 오류가 발생하지 않습니다.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
/ Library / Java / JavaVirtualMachines / jdk - 13.0.1.jdk / Contents / Home / bin / java - javaagent : / Applications / IntelliJ IDEA . app / Contents / lib / idea_rt . jar = 62909 : / Applications / IntelliJ IDEA . app / Contents / bin - Dfile . encoding = UTF - 8 - classpath / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / target / classes : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / zxing - 2.1.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - logging - 1.1.2.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - collections - 3.2.1.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / javax . mail . jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - io - 2.4.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - lang - 2.6.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - configuration - 1.9.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / log4j - 1.2.17.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - beanutils - 1.8.3.jar : / Users / crunchify / . m2 / repository / org / glassfish / javax . json / 1.0.4 / javax . json - 1.0.4.jar : / Users / crunchify / . m2 / repository / com / github / wnameless / json - flattener / 0.2.2 / json - flattener - 0.2.2.jar : / Users / crunchify / . m2 / repository / com / eclipsesource / minimal - json / minimal - json / 0.9.4 / minimal - json - 0.9.4.jar : / Users / crunchify / . m2 / repository / org / apache / commons / commons - lang3 / 3.4 / commons - lang3 - 3.4.jar : / Users / crunchify / . m2 / repository / com / google / code / gson / gson / 2.8.0 / gson - 2.8.0.jar : / Users / crunchify / . m2 / repository / net / jodah / expiringmap / 0.5.7 / expiringmap - 0.5.7.jar : / Users / crunchify / . m2 / repository / org / apache / httpcomponents / httpclient / 4.3.6 / httpclient - 4.3.6.jar : / Users / crunchify / . m2 / repository / org / apache / httpcomponents / httpcore / 4.3.3 / httpcore - 4.3.3.jar : / Users / crunchify / . m2 / repository / commons - codec / commons - codec / 1.6 / commons - codec - 1.6.jar : / Users / crunchify / . m2 / repository / org / json / json / 20151123 / json - 20151123.jar : / Users / crunchify / . m2 / repository / net / spy / spymemcached / 2.12.3 / spymemcached - 2.12.3.jar : / Users / crunchify / . m2 / repository / com / whalin / Memcached - Java - Client / 3.0.2 / Memcached - Java - Client - 3.0.2.jar : / Users / crunchify / . m2 / repository / commons - pool / commons - pool / 1.5.6 / commons - pool - 1.5.6.jar : / Users / crunchify / . m2 / repository / org / slf4j / slf4j - api / 1.6.4 / slf4j - api - 1.6.4.jar : / Users / crunchify / . m2 / repository / com / googlecode / xmemcached / xmemcached / 2.4.5 / xmemcached - 2.4.5.jar : / Users / crunchify / . m2 / repository / com / paypal / sdk / rest - api - sdk / 1.14.0 / rest - api - sdk - 1.14.0.jar : / Users / crunchify / . m2 / repository / commons - dbcp / commons - dbcp / 20030825.184428 / commons - dbcp - 20030825.184428.jar : / Users / crunchify / . m2 / repository / javax / ws / rs / javax . ws . rs - api / 2.0 / javax . ws . rs - api - 2.0.jar : / Users / crunchify / . m2 / repository / org / hamcrest / hamcrest - all / 1.3 / hamcrest - all - 1.3.jar : / Users / crunchify / . m2 / repository / log4j / log4j / 1.2.17 / log4j - 1.2.17.jar : / Users / crunchify / . m2 / repository / com / google / guava / guava / 19.0 / guava - 19.0.jar : / Users / crunchify / . m2 / repository / com / googlecode / json - simple / json - simple / 1.1 / json - simple - 1.1.jar : / Users / crunchify / . m2 / repository / commons - net / commons - net / 2.0 / commons - net - 2.0.jar : / Users / crunchify / . m2 / repository / asm / asm / 3.3.1 / asm - 3.3.1.jar : / Users / crunchify / . m2 / repository / axis / axis / 1.4 / axis - 1.4.jar : / Users / crunchify / . m2 / repository / org / apache / axis / axis - jaxrpc / 1.4 / axis - jaxrpc - 1.4.jar : / Users / crunchify / . m2 / repository / axis / axis - wsdl4j / 1.5.1 / axis - wsdl4j - 1.5.1.jar : / Users / crunchify / . m2 / repository / commons - beanutils / commons - beanutils / 1.8.3 / commons - beanutils - 1.8.3.jar : / Users / crunchify / . m2 / repository / commons - collections / commons - collections / 3.2.1 / commons - collections - 3.2.1.jar : / Users / crunchify / . m2 / repository / commons - configuration / commons - configuration / 1.10 / commons - configuration - 1.10.jar : / Users / crunchify / . m2 / repository / commons - io / commons - io / 2.4 / commons - io - 2.4.jar : / Users / crunchify / . m2 / repository / commons - discovery / commons - discovery / 0.5 / commons - discovery - 0.5.jar : / Users / crunchify / . m2 / repository / commons - lang / commons - lang / 2.6 / commons - lang - 2.6.jar : / Users / crunchify / . m2 / repository / commons - logging / commons - logging / 1.1.3 / commons - logging - 1.1.3.jar : / Users / crunchify / . m2 / repository / commons - logging / commons - logging - api / 1.1 / commons - logging - api - 1.1.jar : / Users / crunchify / . m2 / repository / javax / mail / mail / 1.4.7 / mail - 1.4.7.jar : / Users / crunchify / . m2 / repository / javax / activation / activation / 1.1 / activation - 1.1.jar : / Users / crunchify / . m2 / repository / javax / xml / jaxrpc - api / 1.1 / jaxrpc - api - 1.1.jar : / Users / crunchify / . m2 / repository / javax / servlet / javax . servlet - api / 3.1.0 / javax . servlet - api - 3.1.0.jar : / Users / crunchify / . m2 / repository / org / apache / axis / axis - saaj / 1.4 / axis - saaj - 1.4.jar : / Users / crunchify / . m2 / repository / wsdl4j / wsdl4j / 1.6.3 / wsdl4j - 1.6.3.jar : / Users / crunchify / . m2 / repository / com / google / zxing / core / 3.2.1 / core - 3.2.1.jar : / Users / crunchify / . m2 / repository / org / apache / commons / commons - compress / 1.9 / commons - compress - 1.9.jar : / Users / crunchify / . m2 / repository / mysql / mysql - connector - java / 5.1.6 / mysql - connector - java - 5.1.6.jar : / Users / crunchify / . m2 / repository / junit / junit / 4.12 / junit - 4.12.jar : / Users / crunchify / . m2 / repository / org / hamcrest / hamcrest - core / 1.3 / hamcrest - core - 1.3.jar : / Users / crunchify / . m2 / repository / ch / qos / logback / logback - classic / 1.2.3 / logback - classic - 1.2.3.jar : / Users / crunchify / . m2 / repository / ch / qos / logback / logback - core / 1.2.3 / logback - core - 1.2.3.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - context / 5.1.3.RELEASE / spring - context - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - aop / 5.1.3.RELEASE / spring - aop - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - beans / 5.1.3.RELEASE / spring - beans - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - core / 5.1.3.RELEASE / spring - core - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - jcl / 5.1.3.RELEASE / spring - jcl - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - expression / 5.1.3.RELEASE / spring - expression - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - context - support / 5.1.3.RELEASE / spring - context - support - 5.1.3.RELEASE.jar crunchify . com . tutorials . CrunchifySSLTLS13Tutorial
HTTP / 1.1 301 Moved Permanently
Server : nginx
Date : Sat , 18 Jul 2020 03 : 10 : 08 GMT
Content - Type : text / html
Content - Length : 162
Connection : close
Location : http : //000000000.kinsta.com/
X - Content - Type - Options : nosniff
 
< html >
< head > < title > 301 Moved Permanently < / title > < / head >
< body >
< center > < h1 > 301 Moved Permanently < / h1 > < / center >
< hr > < center > nginx < / center >
< / body >
< / html >
 
Process finished with exit code 0

Google.com을 방문해보세요. crunchify.com 도메인을 교체하고 프로그램을 다시 실행하기만 하면 됩니다.

google.com 도메인의 결과:

1
2
3
4
5
6
7
8
9
10
11
12
13
HTTP / 1.0 200 OK
Date : Sat , 18 Jul 2020 03 : 29 : 22 GMT
Expires : - 1
Cache - Control : private , max - age = 0
Content - Type : text / html ; charset = ISO - 8859 - 1
P3P : CP = "This is not a P3P policy! See g.co/p3phelp for more info."
Server : gws
 
X - XSS - Protection : 0
X - Frame - Options : SAMEORIGIN
 
Set - Cookie : 1P_JAR = 2020 - 07 - 18 - 03 ; expires = Mon , 17 - Aug - 2020 03 : 29 : 22 GMT ; path =/ ; domain = . google . com ; Secure
Set - Cookie : NID = 204 = BDdFDUl5oe - 0jvYXe8O9RF8x2cYz5q6dy0JRxsdQYFYV86TqTAEIPYB5BwoZCiaM0oUQ5GovV9x8qAiflI3gSbt45VrVmrXCgQX687SyRPO1lh

이 튜토리얼이 TLS1.3 프로토콜을 사용하는 모든 URL에 도움이 되기를 바랍니다.