From 4363942008b0a37c6c1017b8cc17c0467f141295 Mon Sep 17 00:00:00 2001
From: jsonwan
Date: Thu, 6 Apr 2023 11:07:34 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20RestTemplate=E5=8E=BB=E9=99=A4=E5=AF=B9?= =?UTF-8?q?SSLv2Hello=E4=B8=8ESSLv3=E5=8D=8F=E8=AE=AE=E7=9A=84=E6=94=AF?= =?UTF-8?q?=E6=8C=81=20#1915?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

去除对SSLv2Hello与SSLv3协议的支持,使用JDK默认支持的协议
---
 .../tencent/bk/job/gateway/config/RestConfig.java | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/RestConfig.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/RestConfig.java
index acf8959497..b33ee91aab 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/RestConfig.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/RestConfig.java
@@ -24,6 +24,7 @@
 package com.tencent.bk.job.gateway.config;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.http.config.Registry;
 import org.apache.http.config.RegistryBuilder;
 import org.apache.http.conn.socket.ConnectionSocketFactory;
@@ -47,6 +48,7 @@
 import java.security.cert.X509Certificate;
 import java.util.List;
+@Slf4j
 @Configuration
 public class RestConfig {
 @Bean
@@ -61,8 +63,12 @@ public RestTemplate restTemplate() {
 try {
 SSLContextBuilder builder = new SSLContextBuilder();
 builder.loadTrustMaterial(null, (X509Certificate[] x509Certificates, String s) -> true);
- SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(builder.build(), new String[]{
- "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.2"}, null, NoopHostnameVerifier.INSTANCE);
+ SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
+ builder.build(),
+ null,
+ null,
+ NoopHostnameVerifier.INSTANCE
+ );
 Registry registry = RegistryBuilder.create()
 .register("http", new PlainConnectionSocketFactory())
 .register("https", socketFactory).build();
@@ -72,9 +78,8 @@ public RestTemplate restTemplate() {
 HttpClients.custom().setSSLSocketFactory(socketFactory).setConnectionManager(phccm)
 .setConnectionManagerShared(true).build();
 factory.setHttpClient(httpClient);
-
 } catch (Exception e) {
-
+ log.error("Fail to init httpClient", e);
 }
 RestTemplate restTemplate = new RestTemplate(factory);
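Review bot: The socket factory built in the `@@ -61,8 +63,12 @@` hunk still trusts every certificate and skips hostname checks: the context line `builder.loadTrustMaterial(null, (X509Certificate[] x509Certificates, String s) -> true)` accepts any chain, and the fourth constructor argument stays `NoopHostnameVerifier.INSTANCE`. Removing SSLv2Hello and SSLv3 therefore does not stop an on-path party from impersonating an upstream, whatever TLS version is negotiated. If the upstreams use an internal CA, load that CA into the builder instead of the accept-all strategy and pass `new DefaultHostnameVerifier()` as the verifier. Passing `null` for the protocol list also leaves the choice to the JDK defaults, which vary with the runtime version and `jdk.tls.disabledAlgorithms`; if older JDKs are in scope, an explicit floor such as `new String[]{"TLSv1.2"}` keeps TLSv1 and TLSv1.1 out regardless. The body of `restTemplate()` starts before this hunk and continues after it.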
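Review bot: The catch block in the `@@ -72,9 +78,8 @@` hunk now logs but still falls through, so when the SSL context or the client cannot be built, `new RestTemplate(factory)` is returned on a factory that never received the custom client. The bean then runs with different TLS and connection-pool behaviour than configured, and the only trace is one log line at startup. Failing bean creation is easier to notice: add `throw new IllegalStateException("Fail to init httpClient", e);` after the log call. `catch (Exception e)` could also be narrowed to the checked exceptions the builder calls throw, presumably the `java.security` ones; confirm against the lines above the hunk. The declaration of `factory` and the opening of the `try` are outside this hunk.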