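Problem description
I have built a Spring Boot application that connects to a third-party server using 2-way SSL. However, a new SSL handshake is performed on every request, which increases the total response time. After enabling SSL logging, I found that the handshake is not being cached.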
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
update handshake state: client_hello[1]
upcoming handshake states: server_hello[2]
*** ClientHello,TLSv1.2
RandomCookie: GMT: 1598812487 bytes = { 209,171,12,159,240,64,79,68,213,92,38,134,30,46,103,154,107,63,220,114,125,179,136,35,18,76,98,212 }
Session ID: {}
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
update handshake state: finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
https-jsse-nio-8090-exec-1,WRITE: TLSv1.2 Handshake,length = 40
https-jsse-nio-8090-exec-1,READ: TLSv1.2 Change Cipher Spec,length = 1
update handshake state: change_cipher_spec
upcoming handshake states: server finished[20]
https-jsse-nio-8090-exec-1,READ: TLSv1.2 Handshake,length = 40
check handshake state: finished[20]
update handshake state: finished[20]
*** Finished
verify_data: { 137,94,123,60,80,13,84,192,237,89 }
***
%% Didn't cache non-resumable client session: [Session-3,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
https-jsse-nio-8090-exec-1,setSoTimeout(60000) called
https-jsse-nio-8090-exec-1,WRITE: TLSv1.2 Application Data,length = 844
https-jsse-nio-8090-exec-1,READ: TLSv1.2 Application Data,length = 504
https-jsse-nio-8090-exec-1,setSoTimeout(0) called
This is how I build the RestTemplate:
KeyStore keyStore;
SSLContext sslContext = null;
// Load the client certificate and private key used for 2-way SSL.
keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(ResourceUtils.getFile(keyStoreLocation)), keyStorePassword.toCharArray());
sslContext = SSLContexts.custom()
        .loadKeyMaterial(keyStore, keyStorePassword.toCharArray())
        .build();
// NoopHostnameVerifier turns off hostname verification of the server certificate.
SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("https", sslFactory).register("http", PlainConnectionSocketFactory.INSTANCE).build();
// Pooled connection manager; HTTPS connections are created through sslFactory.
PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(
        socketFactoryRegistry);
poolingHttpClientConnectionManager.setDefaultMaxPerRoute(maxPerRoute);
poolingHttpClientConnectionManager.setMaxTotal(maxTotal);
// setSSLContext is overridden by setConnectionManager; the manager's socket factory is what gets used.
CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext)
        .setConnectionManager(poolingHttpClientConnectionManager).build();
HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory(
        client);
httpComponentsClientHttpRequestFactory.setConnectTimeout(httpConnectTimeout);
httpComponentsClientHttpRequestFactory.setConnectionRequestTimeout(httpConnectRequestTimeout);
httpComponentsClientHttpRequestFactory.setReadTimeout(httpReadTimeout);
return new RestTemplate(httpComponentsClientHttpRequestFactory);
Please let me know what is going wrong here and how to fix it. Let me know if any other information is needed.
Thanks!
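
A way to quantify what the log above shows, as an added example that is not part of the original question: this Python script tallies the session-cache markers in JSSE debug output and reports whether any handshake produced a cached session. The sample log is constructed in the question's format, and the `Cached client session` marker is an assumption, since it does not appear in the question's log.

```python
import re
from collections import Counter

# Constructed sample: two requests in the debug format shown in the question.
SAMPLE_LOG = """\
%% No cached client session
*** ClientHello, TLSv1.2
Session ID:  {}
%% Didn't cache non-resumable client session: [Session-3, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
https-jsse-nio-8090-exec-1, WRITE: TLSv1.2 Application Data, length = 844
%% No cached client session
*** ClientHello, TLSv1.2
Session ID:  {}
%% Didn't cache non-resumable client session: [Session-4, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
https-jsse-nio-8090-exec-2, WRITE: TLSv1.2 Application Data, length = 844
"""

# Markers taken from the question's log, except "cached", which is an
# assumption about what the same JDK prints when a session is stored.
MARKERS = {
    "client_hello": re.compile(r"\*\*\* ClientHello,\s*(TLSv[\d.]+)"),
    "no_cached": re.compile(r"%% No cached client session"),
    "not_cached": re.compile(r"%% Didn't cache non-resumable client session:\s*\[(Session-\d+),\s*(\w+)\]"),
    "cached": re.compile(r"%% Cached client session:\s*\[(Session-\d+),\s*(\w+)\]"),
}

def summarize(log_text):
    """Count each marker and collect (session, cipher suite) of uncached sessions."""
    counts, uncached = Counter(), []
    for line in log_text.splitlines():
        for name, pattern in MARKERS.items():
            match = pattern.match(line.strip())
            if match:
                counts[name] += 1
                if name == "not_cached":
                    uncached.append(match.groups())
                break
    return counts, uncached

def verdict(counts):
    """Classify the capture by whether sessions were cached at all."""
    if counts["client_hello"] == 0:
        return "no handshakes in capture"
    if counts["cached"] == 0 and counts["not_cached"] > 0:
        return "no session was ever cached: every ClientHello starts a full handshake"
    if counts["no_cached"] > 1 and counts["cached"] > 0:
        return "sessions are cached but later handshakes still start without one"
    return "session cache in use"

if __name__ == "__main__":
    counts, uncached = summarize(SAMPLE_LOG)
    print(dict(counts), uncached, verdict(counts), sep="\n")
```
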