使用Java的WebSphere的SSL握手错误-Java 学习之路

将Java HTTP客户端代码与WebSphere服务器URL连接时遇到错误 . 该测试抛出SSL握手错误消息：

代码部署使用Java7和Java8进行了测试：

java -Djavax.net.ssl.keyStore=mykey.jks  -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.debug=ssl,handshake postHTTPWAS

Log file:

.. 
jdk.tls.client.protocols is defined as TLSv1.2
SSLv3 protocol was requested but was not enabled
.. Extension server_name, server_name: [type=host_name (0), value=myhost.domain.com]
***
main, WRITE: TLSv1 Handshake, length = 155
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

JRE的java.security设置配置如下：

...
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3
jdk.certpath.disabledAlgorithms=SSLv3
com.ibm.jsse2.disableSSLv3=true

Questions:

1）为什么SSL跟踪显示对SSLv3的引用，SSLv3是在客户端安全设置中逻辑禁用的协议？

2）SSLHandshakeException的根错误是什么？

3）是否可以将TLSv1.2作为所有HTTPS客户端连接的默认选择，哪个是设置它的正确系统属性？

1 回答

我已经隔离了错误 .

较新版本的WAS应用程序服务器（完整版）期望客户端将与TLSv1.2连接 . 对于手动Java JRE调用，请使用参数-Dhttps.protocols = TLSv1.2，如下所示：

/opt/java8/ibm-java-x86_64-80/bin/javac SSLTest.java && /opt/java8/ibm-java-x86_64-80/jre/bin/java -Dhttps.protocols=TLSv1.2  SSLTest

对于Apache HTTPS客户端（> V.4.5.2），我添加了一些其他部分，以使HTTPS与TLSv1.2连接 . 两个连接现在都正常工作 .

// for TLSv1.2 add: 
import org.apache.http.config.Registry; 
import org.apache.http.config.RegistryBuilder; 
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import javax.net.ssl.SSLContext;
import java.security.NoSuchAlgorithmException;
import java.security.KeyManagementException; 
import org.apache.http.ssl.SSLContexts;  

    //Set the https use TLSv1.2
    private static Registry<ConnectionSocketFactory> getRegistry() throws KeyManagementException, NoSuchAlgorithmException {
        SSLContext sslContext = SSLContexts.custom().build();
        SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext,
                new String[]{"TLSv1.2"}, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        return RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.getSocketFactory())
            .register("https", sslConnectionSocketFactory)
            .build();
    }

   // for TLSv1.2 use:  
   PoolingHttpClientConnectionManager clientConnectionManager = new PoolingHttpClientConnectionManager(getRegistry());
   clientConnectionManager.setMaxTotal(100);
   clientConnectionManager.setDefaultMaxPerRoute(20);
   HttpClient client = HttpClients.custom().setConnectionManager(clientConnectionManager).build();

回复于 2024-05-09T00:24:05+08:00

使用Java的WebSphere的SSL握手错误

1 回答

相关问题