I am developing a java agent to monitor http communications happening in my application server. I like to know the SSL version(SSLv3, TLS, etc) used in outgoing Https connections. Is there a way to get the SSL version by any means?
Get SSL Version used in HttpsURLConnection - Java
Asked Answered
I used this solution, maybe it can help you:
First you need an extension class of SSLSocketFactory
to attach a HandshakeCompletedListener
to the sockets created by the SSLSocketFactory
:
(inspired by How to override the cipherlist sent to the server by Android when using HttpsURLConnection?)
public class SecureSSLSocketFactory extends SSLSocketFactory {
private final SSLSocketFactory delegate;
private HandshakeCompletedListener handshakeListener;
public SecureSSLSocketFactory(
SSLSocketFactory delegate, HandshakeCompletedListener handshakeListener) {
this.delegate = delegate;
this.handshakeListener = handshakeListener;
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
throws IOException {
SSLSocket socket = (SSLSocket) this.delegate.createSocket(s, host, port, autoClose);
if (null != this.handshakeListener) {
socket.addHandshakeCompletedListener(this.handshakeListener);
}
return socket;
}
// and so on for all the other createSocket methods of SSLSocketFactory.
@Override
public String[] getDefaultCipherSuites() {
// TODO: or your own preferences
return this.delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
// TODO: or your own preferences
return this.delegate.getSupportedCipherSuites();
}
Then you need an implementation of the HandshakeCompletedListener
interface. You must implement the handshakeCompleted
method:
public class MyHandshakeCompletedListener implements HandshakeCompletedListener {
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
SSLSession session = event.getSession();
String protocol = session.getProtocol();
String cipherSuite = session.getCipherSuite();
String peerName = null;
try {
peerName = session.getPeerPrincipal().getName();
} catch (SSLPeerUnverifiedException e) {
}
}
In handshakeCompleted
you can get the protocol version (maybe TLSv1.2), and by the way also the information on cipher suite etc., that is also accessible via HttpsConnection
.
You can set the custom SSL socket factory via conn.setSSLSocketFactory
before connect:
private void setupAndConnect() {
URL url = new URL("https://host.dom/xyz");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(/*keyManagers*/null, /*trustManagers*/null, /*new SecureRandom()*/null); // simple here
conn.setSSLSocketFactory(new SecureSSLSocketFactory(sslContext.getSocketFactory(), new MyHandshakeCompletedListener()));
// conn.set... /* set other parameters */
conn.connect();
© 2022 - 2024 — McMap. All rights reserved.