问题描述
SSLSocket.getEnabledProtocols()方法返回以下内容: [SSLv2Hello,SSLv3,TLSv1] 。事实上,当我调用 connect()并打开SSL调试时,我看到使用了一个v2客户端问候语:
The SSLSocket.getEnabledProtocols() method returns the following: [SSLv2Hello, SSLv3, TLSv1]. And indeed, when I call connect() and I have SSL debugging turned on, I see that a v2 client hello is used:
main, WRITE: TLSv1 Handshake, length = 81
main, WRITE: SSLv2 client hello message, length = 110
但是我发现两个(不可否认的是旧的)引用说JSSE 不支持SSL版本2:
But I have found two (admittedly old) references that say JSSE does not support SSL version 2:
来自:
来自:
现在,我的理解是版本2.0客户端问候语只应在客户端时发送支持SSL 2.0版。来自:
Now, my understanding is that version 2.0 client hello should only be sent when the client does support SSL version 2.0. From RFC 2246:
那么为什么Java会使用它?
So why does Java use it?
推荐答案
Sun的JSSE不支持SSLv2,但它支持 SSlv2ClientHello ,以支持一些需要它的SSL服务器。你可以通过从启用的协议中删除它来关闭它。
Sun's JSSE doesn't support SSLv2 but it supports the SSlv2ClientHello, to support some SSL servers that require it. You can turn it off by removing it from the enabled protocols.
IBM的JSSE完全支持SSLv2。
IBM's JSSE does support SSLv2 entirely.
来自:
我想'服务器实现'应该是上面的'SSL实现'。
I imagine 'server implementations' should read 'SSL implementations' above.
编辑:感谢引用我的书!
thanks for citing my book!
这篇关于为什么Java的SSLSocket发送版本2客户端问候?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!