Disabling renegotiation on SSLServerSocket
Date: 2024-03-02 13:52:50
If you want to disable renegotiation on a Java SSLServerSocket, you can use the following code:
```java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// `port` is assumed to be defined by the surrounding code.
SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslServerSocket = (SSLServerSocket) factory.createServerSocket(port);

// Restrict the protocol versions. TLSv1 and TLSv1.1 are deprecated (RFC 8996)
// and recent JDK releases disable them by default.
sslServerSocket.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
// Restrict the cipher suites to forward-secret AES-GCM suites.
sslServerSocket.setEnabledCipherSuites(new String[] {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"});
sslServerSocket.setNeedClientAuth(true);

// The same protocol and cipher suite lists, applied through SSLParameters.
SSLParameters sslParams = new SSLParameters(new String[] {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"}, new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"});
// null turns off endpoint identification (the hostname check on the peer certificate).
sslParams.setEndpointIdentificationAlgorithm(null);
// Require a client certificate. setWantClientAuth(true) here would downgrade
// the socket to optional client authentication when the parameters are applied.
sslParams.setNeedClientAuth(true);
sslServerSocket.setSSLParameters(sslParams);

sslServerSocket.setEnableSessionCreation(true); // allow new sessions to be established
sslServerSocket.setUseClientMode(false);        // accepted sockets handshake as the server
// Need and want are mutually exclusive and the last call wins, so only
// setNeedClientAuth(true) is kept.
sslServerSocket.setNeedClientAuth(true);
```
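This configures the SSLServerSocket to accept only the TLSv1, TLSv1.1 and TLSv1.2 protocols, use the supported cipher suites, and require client certificate authentication. In addition, `setEndpointIdentificationAlgorithm(null)` must be used to disable server name verification, thereby avoiding renegotiation in the TLS handshake.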
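JSSE controls renegotiation through system properties rather than through `SSLServerSocket` setters: `jdk.tls.rejectClientInitiatedRenegotiation=true` makes the server reject client-initiated renegotiation, and TLS 1.3 has no renegotiation at all. The following is an added example, not code from the original page; the class name `NoRenegotiationServer`, port 8443 and a keystore supplied through the standard `javax.net.ssl.keyStore` properties are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class NoRenegotiationServer { // hypothetical class name

    // The JSSE provider reads this property once, in a static initializer,
    // so it must be set before any TLS class is used. Passing
    // -Djdk.tls.rejectClientInitiatedRenegotiation=true on the command line
    // has the same effect.
    static void rejectClientRenegotiation() {
        System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation", "true");
    }

    // Prefer TLSv1.3 (the protocol has no renegotiation), keep TLSv1.2 for
    // older clients, and enable only what this JDK actually supports.
    static String[] pickProtocols(String[] supported) {
        List<String> wanted = new ArrayList<>();
        for (String p : new String[] {"TLSv1.3", "TLSv1.2"}) {
            if (Arrays.asList(supported).contains(p)) {
                wanted.add(p);
            }
        }
        if (wanted.isEmpty()) {
            throw new IllegalStateException("JDK supports neither TLSv1.3 nor TLSv1.2");
        }
        return wanted.toArray(new String[0]);
    }

    static SSLServerSocket open(int port) throws Exception {
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(port);
        SSLParameters params = server.getSSLParameters();
        params.setProtocols(pickProtocols(server.getSupportedProtocols()));
        params.setNeedClientAuth(true); // require a client certificate
        server.setSSLParameters(params);
        return server;
    }

    public static void main(String[] args) throws Exception {
        rejectClientRenegotiation(); // first statement, before JSSE is touched
        try (SSLServerSocket server = open(8443)) { // 8443: assumed port
            System.out.println("protocols: " + Arrays.toString(server.getEnabledProtocols()));
        }
    }
}
```

With the property set, a TLS 1.2 client that starts a second handshake on an established connection has that handshake rejected by the server instead of processed.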