帶有 TLS1.3 和 TLS_AES_128_GCM_SHA256 密碼示例的 Java SSLSocket

已發表: 2020-07-18
Java SSLSocket with TLS1.3 and TLS_AES_128_GCM_SHA256 Cipher Tutorial

如何向您的域發送 TLS1.3 HTTPs 請求並打印響應?

SSLSocket 類擴展了Socket並使用諸如“安全套接字層”(SSL)或 IETF“傳輸層安全”(TLS)協議之類的協議提供安全套接字。

在本教程中,我們將設置協議TLS1.3和密碼TLS_AES_128_GCM_SHA256

讓我們開始吧:

  • 創建文件 CrunchifySSLTLS13Tutorial.java
  • 設置協議:TLS1.3
  • 設置密碼:TLS_AES_128_GCM_SHA256
  • 對 crunchify.com 進行 HTTP 1.0 調用
  • 對 google.com 進行 HTTP 1.0 調用
  • 打印響應
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package crunchify . com . tutorials ;
 
import javax . net . ssl . SSLSocket ;
import javax . net . ssl . SSLSocketFactory ;
import java . io . * ;
 
/**
* @author Crunchify.com
* version: 1.0
* Tutorial: Java SSLSocket with TLS1.3 and TLS_AES_128_GCM_SHA256 Cipher Tutorial
*/
 
public class CrunchifySSLTLS13Tutorial {
 
     // TLS1.3: There are new ciphersuites that only work in TLSv1.3. The old ciphersuites cannot be used for TLSv1.3 connections and the new ones cannot be used in TLSv1.2 and below.
     //The new ciphersuites are defined differently and do not specify the certificate type (e.g. RSA, DSA, ECDSA) or the key exchange mechanism (e.g. DHE or ECHDE). This has implications for ciphersuite configuration.
     private static final String [ ] crunchifyProtocols = new String [ ] { "TLSv1.3" } ;
 
     // TLS_AES_128_GCM_SHA256 Encryption: Advanced Encryption Standard with 128bit key in Galois/Counter mode (AES 128 GCM)
     // Hash: Secure Hash Algorithm 256 (SHA256)
     // RFC 8446
     private static final String [ ] crunchifyCipher = new String [ ] { "TLS_AES_256_GCM_SHA384" } ;
 
     public static void main ( String [ ] args ) throws Exception {
 
         // This class extends Sockets and provides secure socket using protocols such as the "Secure Sockets Layer" (SSL) or IETF "Transport Layer Security" (TLS) protocols.
         SSLSocket crunchifySocket = null ;
         PrintWriter crunchifyPrintWriter = null ;
         BufferedReader crunchifyBufferReader = null ;
 
         try {
             // initialize SSL Socket Factory
             SSLSocketFactory crunchifyFactory = ( SSLSocketFactory ) SSLSocketFactory . getDefault ( ) ;
 
             crunchifySocket = ( SSLSocket ) crunchifyFactory . createSocket ( "google.com" , 443 ) ;
 
             // Enable protocol : TLS 1.3
             crunchifySocket . setEnabledProtocols ( crunchifyProtocols ) ;
 
             // Enable Cipher: TLS_AES_128_GCM_SHA256
             crunchifySocket . setEnabledCipherSuites ( crunchifyCipher ) ;
 
             // Start Handshake
             crunchifySocket . startHandshake ( ) ;
 
             // Creates a new PrintWriter, without automatic line flushing.
             crunchifyPrintWriter = new PrintWriter ( new BufferedWriter ( new OutputStreamWriter ( crunchifySocket . getOutputStream ( ) ) ) ) ;
 
             crunchifyPrintWriter . println ( "GET / HTTP/1.0" ) ;
             crunchifyPrintWriter . println ( ) ;
             crunchifyPrintWriter . flush ( ) ;
 
             if ( crunchifyPrintWriter . checkError ( ) )
                 System . out . println ( "SSLSocketClient Error:  java.io.PrintWriter error" ) ;
 
             // Let's get response
             crunchifyBufferReader = new BufferedReader ( new InputStreamReader ( crunchifySocket . getInputStream ( ) ) ) ;
 
             String crunchifyStringLine ;
             while ( ( crunchifyStringLine = crunchifyBufferReader . readLine ( ) ) ! = null )
                 crunchifyLog ( crunchifyStringLine ) ;
 
         } catch ( Exception e ) {
             e . printStackTrace ( ) ;
         } finally {
             // Close Socket
             if ( crunchifySocket ! = null )
                 crunchifySocket . close ( ) ;
 
             // Close PrintWriter
             if ( crunchifyPrintWriter ! = null )
                 crunchifyPrintWriter . close ( ) ;
 
             // Close Buffer Reader
             if ( crunchifyBufferReader ! = null )
                 crunchifyBufferReader . close ( ) ;
         }
     }
 
     private static void crunchifyLog ( String crunchifyStringLine ) {
 
         System . out . println ( crunchifyStringLine ) ;
     }
 
}

這些是定義的 TLS1.3 協議:

  • TLS_AES_128_CCM_8_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256

結果:

在 Crunchify 上,我們TLS1.3 enabled ,因此我們沒有遇到任何錯誤。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
/ Library / Java / JavaVirtualMachines / jdk - 13.0.1.jdk / Contents / Home / bin / java - javaagent : / Applications / IntelliJ IDEA . app / Contents / lib / idea_rt . jar = 62909 : / Applications / IntelliJ IDEA . app / Contents / bin - Dfile . encoding = UTF - 8 - classpath / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / target / classes : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / zxing - 2.1.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - logging - 1.1.2.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - collections - 3.2.1.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / javax . mail . jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - io - 2.4.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - lang - 2.6.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - configuration - 1.9.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / log4j - 1.2.17.jar : / Users / crunchify / Documents / C / crunchify - github / CrunchifyTutorials / WebContent / WEB - INF / lib / commons - beanutils - 1.8.3.jar : / Users / crunchify / . m2 / repository / org / glassfish / javax . json / 1.0.4 / javax . json - 1.0.4.jar : / Users / crunchify / . m2 / repository / com / github / wnameless / json - flattener / 0.2.2 / json - flattener - 0.2.2.jar : / Users / crunchify / . m2 / repository / com / eclipsesource / minimal - json / minimal - json / 0.9.4 / minimal - json - 0.9.4.jar : / Users / crunchify / . m2 / repository / org / apache / commons / commons - lang3 / 3.4 / commons - lang3 - 3.4.jar : / Users / crunchify / . m2 / repository / com / google / code / gson / gson / 2.8.0 / gson - 2.8.0.jar : / Users / crunchify / . m2 / repository / net / jodah / expiringmap / 0.5.7 / expiringmap - 0.5.7.jar : / Users / crunchify / . m2 / repository / org / apache / httpcomponents / httpclient / 4.3.6 / httpclient - 4.3.6.jar : / Users / crunchify / . m2 / repository / org / apache / httpcomponents / httpcore / 4.3.3 / httpcore - 4.3.3.jar : / Users / crunchify / . m2 / repository / commons - codec / commons - codec / 1.6 / commons - codec - 1.6.jar : / Users / crunchify / . m2 / repository / org / json / json / 20151123 / json - 20151123.jar : / Users / crunchify / . m2 / repository / net / spy / spymemcached / 2.12.3 / spymemcached - 2.12.3.jar : / Users / crunchify / . m2 / repository / com / whalin / Memcached - Java - Client / 3.0.2 / Memcached - Java - Client - 3.0.2.jar : / Users / crunchify / . m2 / repository / commons - pool / commons - pool / 1.5.6 / commons - pool - 1.5.6.jar : / Users / crunchify / . m2 / repository / org / slf4j / slf4j - api / 1.6.4 / slf4j - api - 1.6.4.jar : / Users / crunchify / . m2 / repository / com / googlecode / xmemcached / xmemcached / 2.4.5 / xmemcached - 2.4.5.jar : / Users / crunchify / . m2 / repository / com / paypal / sdk / rest - api - sdk / 1.14.0 / rest - api - sdk - 1.14.0.jar : / Users / crunchify / . m2 / repository / commons - dbcp / commons - dbcp / 20030825.184428 / commons - dbcp - 20030825.184428.jar : / Users / crunchify / . m2 / repository / javax / ws / rs / javax . ws . rs - api / 2.0 / javax . ws . rs - api - 2.0.jar : / Users / crunchify / . m2 / repository / org / hamcrest / hamcrest - all / 1.3 / hamcrest - all - 1.3.jar : / Users / crunchify / . m2 / repository / log4j / log4j / 1.2.17 / log4j - 1.2.17.jar : / Users / crunchify / . m2 / repository / com / google / guava / guava / 19.0 / guava - 19.0.jar : / Users / crunchify / . m2 / repository / com / googlecode / json - simple / json - simple / 1.1 / json - simple - 1.1.jar : / Users / crunchify / . m2 / repository / commons - net / commons - net / 2.0 / commons - net - 2.0.jar : / Users / crunchify / . m2 / repository / asm / asm / 3.3.1 / asm - 3.3.1.jar : / Users / crunchify / . m2 / repository / axis / axis / 1.4 / axis - 1.4.jar : / Users / crunchify / . m2 / repository / org / apache / axis / axis - jaxrpc / 1.4 / axis - jaxrpc - 1.4.jar : / Users / crunchify / . m2 / repository / axis / axis - wsdl4j / 1.5.1 / axis - wsdl4j - 1.5.1.jar : / Users / crunchify / . m2 / repository / commons - beanutils / commons - beanutils / 1.8.3 / commons - beanutils - 1.8.3.jar : / Users / crunchify / . m2 / repository / commons - collections / commons - collections / 3.2.1 / commons - collections - 3.2.1.jar : / Users / crunchify / . m2 / repository / commons - configuration / commons - configuration / 1.10 / commons - configuration - 1.10.jar : / Users / crunchify / . m2 / repository / commons - io / commons - io / 2.4 / commons - io - 2.4.jar : / Users / crunchify / . m2 / repository / commons - discovery / commons - discovery / 0.5 / commons - discovery - 0.5.jar : / Users / crunchify / . m2 / repository / commons - lang / commons - lang / 2.6 / commons - lang - 2.6.jar : / Users / crunchify / . m2 / repository / commons - logging / commons - logging / 1.1.3 / commons - logging - 1.1.3.jar : / Users / crunchify / . m2 / repository / commons - logging / commons - logging - api / 1.1 / commons - logging - api - 1.1.jar : / Users / crunchify / . m2 / repository / javax / mail / mail / 1.4.7 / mail - 1.4.7.jar : / Users / crunchify / . m2 / repository / javax / activation / activation / 1.1 / activation - 1.1.jar : / Users / crunchify / . m2 / repository / javax / xml / jaxrpc - api / 1.1 / jaxrpc - api - 1.1.jar : / Users / crunchify / . m2 / repository / javax / servlet / javax . servlet - api / 3.1.0 / javax . servlet - api - 3.1.0.jar : / Users / crunchify / . m2 / repository / org / apache / axis / axis - saaj / 1.4 / axis - saaj - 1.4.jar : / Users / crunchify / . m2 / repository / wsdl4j / wsdl4j / 1.6.3 / wsdl4j - 1.6.3.jar : / Users / crunchify / . m2 / repository / com / google / zxing / core / 3.2.1 / core - 3.2.1.jar : / Users / crunchify / . m2 / repository / org / apache / commons / commons - compress / 1.9 / commons - compress - 1.9.jar : / Users / crunchify / . m2 / repository / mysql / mysql - connector - java / 5.1.6 / mysql - connector - java - 5.1.6.jar : / Users / crunchify / . m2 / repository / junit / junit / 4.12 / junit - 4.12.jar : / Users / crunchify / . m2 / repository / org / hamcrest / hamcrest - core / 1.3 / hamcrest - core - 1.3.jar : / Users / crunchify / . m2 / repository / ch / qos / logback / logback - classic / 1.2.3 / logback - classic - 1.2.3.jar : / Users / crunchify / . m2 / repository / ch / qos / logback / logback - core / 1.2.3 / logback - core - 1.2.3.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - context / 5.1.3.RELEASE / spring - context - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - aop / 5.1.3.RELEASE / spring - aop - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - beans / 5.1.3.RELEASE / spring - beans - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - core / 5.1.3.RELEASE / spring - core - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - jcl / 5.1.3.RELEASE / spring - jcl - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - expression / 5.1.3.RELEASE / spring - expression - 5.1.3.RELEASE.jar : / Users / crunchify / . m2 / repository / org / springframework / spring - context - support / 5.1.3.RELEASE / spring - context - support - 5.1.3.RELEASE.jar crunchify . com . tutorials . CrunchifySSLTLS13Tutorial
HTTP / 1.1 301 Moved Permanently
Server : nginx
Date : Sat , 18 Jul 2020 03 : 10 : 08 GMT
Content - Type : text / html
Content - Length : 162
Connection : close
Location : http : //000000000.kinsta.com/
X - Content - Type - Options : nosniff
 
< html >
< head > < title > 301 Moved Permanently < / title > < / head >
< body >
< center > < h1 > 301 Moved Permanently < / h1 > < / center >
< hr > < center > nginx < / center >
< / body >
< / html >
 
Process finished with exit code 0

嘗試訪問 Google.com。 只需更換 crunchify.com 域並重新運行程序。

google.com 域的結果:

1
2
3
4
5
6
7
8
9
10
11
12
13
HTTP / 1.0 200 OK
Date : Sat , 18 Jul 2020 03 : 29 : 22 GMT
Expires : - 1
Cache - Control : private , max - age = 0
Content - Type : text / html ; charset = ISO - 8859 - 1
P3P : CP = "This is not a P3P policy! See g.co/p3phelp for more info."
Server : gws
 
X - XSS - Protection : 0
X - Frame - Options : SAMEORIGIN
 
Set - Cookie : 1P_JAR = 2020 - 07 - 18 - 03 ; expires = Mon , 17 - Aug - 2020 03 : 29 : 22 GMT ; path =/ ; domain = . google . com ; Secure
Set - Cookie : NID = 204 = BDdFDUl5oe - 0jvYXe8O9RF8x2cYz5q6dy0JRxsdQYFYV86TqTAEIPYB5BwoZCiaM0oUQ5GovV9x8qAiflI3gSbt45VrVmrXCgQX687SyRPO1lh

我希望本教程能幫助您使用 TLS1.3 協議訪問任何 URL。