i read in article httpsurlconnection transparently negotiate ssl connection.
the official document says:
this class uses hostnameverifier , sslsocketfactory. there default implementations defined both classes. [1]
does mean once open connection with
httpscon = (httpsurlconnection) url.openconnection(); it ssl/tls encrypted without more hassle?
how can view , set tls version standard implementation? (should tls 1.2 java 8 , tls 1.0 java 7)
references
- oracle corp. (2011). javax.net.ssl.httpsurlconnection. (javadoc)
you have create sslcontext set protocoll:
in java 1.8:
sslcontext sc = sslcontext.getinstance("tlsv1.2"); // init sslcontext trustmanager[] , securerandom() sc.init(null, trustcerts, new java.security.securerandom()); in java 1.7:
sslcontext sc = sslcontext.getinstance("tlsv1"); // init sslcontext trustmanager[] , securerandom() sc.init(null, trustcerts, new java.security.securerandom()); then have set sslcontext httpsurlconnection:
httpscon.setsslsocketfactory(sc.getsocketfactory()); that should trick.
Comments
Post a Comment