Fatal编程技术网
  • java/
  • Java 使用IBM JDK 6启用ECDHE密码

Java 使用IBM JDK 6启用ECDHE密码

java ssl

Java 使用IBM JDK 6启用ECDHE密码,java,ssl,sslhandshakeexception,Java,Ssl,Sslhandshakeexception,使用IBM Rational®Software Architect for WebSphere软件版本:9.0.0.1和JDK 6 正在尝试将ECDHE密码添加到运行时环境。在at,IBM表示“第二个列表显示了IBMJSSE提供程序支持但默认禁用的(ECDHE)密码套件” 我可以将ClientHello更改为TLSv1.0、TLSv1.1或TLSv1.3,但始终返回相同的密码套件。他们都不是埃克德 如果有人知道如何启用ECDHE密码,将不胜感激 这里是控制台输出 SSLContextIm

使用IBM Rational®Software Architect for WebSphere软件版本:9.0.0.1和JDK 6

正在尝试将ECDHE密码添加到运行时环境。在at,IBM表示“第二个列表显示了IBMJSSE提供程序支持但默认禁用的(ECDHE)密码套件”

我可以将ClientHello更改为TLSv1.0、TLSv1.1或TLSv1.3,但始终返回相同的密码套件。他们都不是埃克德

如果有人知道如何启用ECDHE密码,将不胜感激

这里是控制台输出

    SSLContextImpl:  Using X509ExtendedKeyManager com.ibm.jsse2.hd
    SSLContextImpl:  Using X509TrustManager com.ibm.jsse2.pc
    JsseJCE:  Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.2
    trigger seeding of SecureRandom
    done seeding SecureRandom
    instantiated an instance of class com.ibm.jsse2.SSLSocketFactoryImpl
    IBMJSSE2 will not enable CBC protection
    IBMJSSE2 to send SCSV Cipher Suite on initial ClientHello
    JsseJCE:  Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.2
    JsseJCE:  Using cipher AES/CBC/NoPadding from provider TBD via init 
    CipherBox:  Using cipher AES/CBC/NoPadding from provider from init IBMJCE version 1.2
    IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
    IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
    IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default

    Is initial handshake: true
    %% No cached client session
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: 1503070341 bytes = { 152, 50, 18, 78, 108, 96, 63, 98, 44, 14, 255, 58, 89, 161, 90, 194, 150, 17, 22, 60, 58, 30, 156, 194, 83, 148, 201, 11 }
    Session ID:  {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RENEGO_PROTECTION_REQUEST]
    Compression Methods:  { 0 }
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA256withDSA, SHA1withDSA, MD5withRSA
    ***
    main, WRITE: TLSv1.2 Handshake, length = 121
    main, READ: TLSv1.2 Alert, length = 2
    main, RECV TLSv1 ALERT:  fatal, handshake_failure
    main, called closeSocket()
    main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.ibm.jsse2.o.a(o.java:8)
        at com.ibm.jsse2.o.a(o.java:4)
        at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:40)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:554)
        at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:223)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:724)
        at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:81)
        at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:8)
        at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:20)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1207)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:390)
        at com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:36)
        at Java6withHostHeader.main(Java6withHostHeader.java:94)
在所有回应的人的帮助下,我终于找到了答案。 首先,我使用此代码列出了所有可用的密码,这些密码确认了所需的ECDHE密码已安装但未启用,它给出了每个密码的正确拼写- 然后在IDE中,我在runconfigurations/VM参数下设置了以下值,它就工作了-Dhttps.protocols=“TLSv1.1”-Dhttps.cipherSuites=“SSL\u ECDHE\u ECDSA\u WITH_3DES\u EDE\u CBC\u SHA,SSL\u ECDHE\u ECDSA\u WITH_AES\u 128\u CBC\u SHA,等等。”

感谢大家的帮助

您必须通过使用适当的调用或设置
https.ciphersuites
@James显式启用这些密码套件-您知道IBM的Java 6是否支持ECDHE吗?EC密码被添加到TLS的1.1中。Mike-服务器是否有EC证书?如果服务器只有一个RSA密钥,您就不能执行EC。@jww:我不确定,但我想是的。此外,还有一些ECDHE_RSA密码套件只需要通常的RSA证书,例如,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA@jww:不太需要。4492几乎与4346同时发布,但它确实适用于2246。Sun Java6确实在JSSE中实现了ECC套件,但它们只有在为ECC原语添加提供者时才起作用,例如BouncyCastle(Java7有SunEC),而Sun Java6根本没有实现1.1或1.2。OpenSSL同样在1.0.0(2010)中实现了ECC,但在1.0.1(2012)中实现了1.1和1.2。MikeT:尽管IBM不使用Sun/Oracle/OpenJDK提供程序,但它可能仍然存在相同的问题:您的JRE是否有ECC原语的提供程序?我同意詹姆斯的观点,你需要启用这些套件。@MikeT:请加上你为解决这个问题所采取的步骤作为答案,你可以(也应该)回答你自己的问题。请提供足够的详细信息,以便遇到您问题的人能够通过阅读您的答案来解决他们的问题。