🎨 #3655 通过支持现代 TLS 版本修复 SSL 握手失败问题

2026-03-10 00:13:40 +08:00 · 2025-07-25 11:41:06 +08:00
parent 875c35e745
commit 14f8c8ebc2
5 changed files with 215 additions and 1 deletions
--- a/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/http/apache/ApacheHttpClientBuilder.java
+++ b/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/http/apache/ApacheHttpClientBuilder.java
@@ -53,4 +53,10 @@ public interface ApacheHttpClientBuilder {
   * ssl连接socket工厂.
   */
  ApacheHttpClientBuilder sslConnectionSocketFactory(SSLConnectionSocketFactory sslConnectionSocketFactory);
+
+  /**
+   * 支持的TLS协议版本.
+   * Supported TLS protocol versions.
+   */
+  ApacheHttpClientBuilder supportedProtocols(String[] supportedProtocols);
 }
--- a/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/http/apache/ApacheHttpDnsClientBuilder.java
+++ b/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/http/apache/ApacheHttpDnsClientBuilder.java
@@ -117,6 +117,13 @@ public class ApacheHttpDnsClientBuilder implements ApacheHttpClientBuilder {
    return this;
  }

+  @Override
+  public ApacheHttpClientBuilder supportedProtocols(String[] supportedProtocols) {
+    // This implementation doesn't use the supportedProtocols parameter as it relies on the provided SSLConnectionSocketFactory
+    // Users should configure the SSLConnectionSocketFactory with desired protocols before setting it
+    return this;
+  }
+
  /**
   * 获取链接的超时时间设置,默认3000ms
   * <p>
--- a/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/http/apache/DefaultApacheHttpClientBuilder.java
+++ b/weixin-java-common/src/main/java/me/chanjar/weixin/common/util/http/apache/DefaultApacheHttpClientBuilder.java
@@ -93,6 +93,12 @@ public class DefaultApacheHttpClientBuilder implements ApacheHttpClientBuilder {
   */
  private String userAgent;

+  /**
+   * 支持的TLS协议版本，默认支持现代TLS版本
+   * Supported TLS protocol versions, defaults to modern TLS versions
+   */
+  private String[] supportedProtocols = {"TLSv1.2", "TLSv1.3", "TLSv1.1", "TLSv1"};
+
  /**
   * 自定义请求拦截器
   */
@@ -179,6 +185,12 @@ public class DefaultApacheHttpClientBuilder implements ApacheHttpClientBuilder {
    return this;
  }

+  @Override
+  public ApacheHttpClientBuilder supportedProtocols(String[] supportedProtocols) {
+    this.supportedProtocols = supportedProtocols;
+    return this;
+  }
+
  public IdleConnectionMonitorThread getIdleConnectionMonitorThread() {
    return this.idleConnectionMonitorThread;
  }
@@ -257,7 +269,7 @@ public class DefaultApacheHttpClientBuilder implements ApacheHttpClientBuilder {

      return new SSLConnectionSocketFactory(
        sslcontext,
-        new String[]{"TLSv1"},
+        this.supportedProtocols,
        null,
        SSLConnectionSocketFactory.getDefaultHostnameVerifier());
    } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {