在没有证书的 https 上的 java SSL

2022-01-19 00:00:00 https ssl network-programming java

Is it possible to use ssl with HttpURLConnection without using a certificate in Java?

I want to use a random number or a symmetric key.

解决方案

Although SSL/TLS doesn't strictly require certificates, HTTPS expects certificates, since RFC 2818 (in particular, Section 3.1) clearly refers to X.509 certificates.

You'll find more details in this answer on ServerFault, to a very similar question.

Whatever you do without certificate will be out of scope of RFC 2818, but it might still work (and make sense). However it is supported by other implementations may vary. If you choose not to use certificates, you'll still need a way to verify the identify of the server to ensure the security of the communication.

EDIT:

The Oracle provider for JSSE doesn't support PSK cipher suties (or OpenPGP certs). The closest to a shared-key you'll get out of that are Kerberos cipher suites.

相关文章