Java: Using SSLv3 in netty
I need to write a server and a client that use the SSLv3 protocol with netty. Here is my server code:
    private final SslContext sslCtx = SslContextBuilder.forServer(new File("/path/to/sslkeys/server.crt.pem"),
            new File("/path/to/sslkeys/server.key.pem")).protocols("SSLv3").build();

    @Override
    public void run() {
        EventLoopGroup bossGroup = new NioEventLoopGroup(1);
        EventLoopGroup workerGroup = new NioEventLoopGroup();
        try {
            ServerBootstrap b = new ServerBootstrap();
            b.group(bossGroup, workerGroup)
                    .channel(NioServerSocketChannel.class)
                    .handler(new LoggingHandler(LogLevel.INFO))
                    .childHandler(new ChannelInitializer<SocketChannel>() {
                        @Override
                        protected void initChannel(SocketChannel socketChannel) {
                            socketChannel.pipeline().addLast(
                                    sslCtx.newHandler(socketChannel.alloc()));
                        }
                    })
                    .childOption(ChannelOption.RCVBUF_ALLOCATOR, new FixedRecvByteBufAllocator(BUFFER_SIZE))
                    .childOption(ChannelOption.AUTO_READ, false)
                    .bind(LISTEN_PORT).sync().channel().closeFuture().sync();
        } catch (InterruptedException e) {
            e.printStackTrace();
        } finally {
            workerGroup.shutdownGracefully();
            bossGroup.shutdownGracefully();
        }
    }
Here is the client code that tries to connect to the server:
    private final SslContext SSL_CTX =
            SslContextBuilder.forClient().trustManager(new File("/home/okv/sslkeys/server.crt.pem"))
                    .protocols("SSLv3").build();

    @Override
    public void channelActive(ChannelHandlerContext ctx) {
        final Channel inboundChannel = ctx.channel();
        // Start the connection attempt.
        Bootstrap b = new Bootstrap();
        b.group(inboundChannel.eventLoop())
                .channel(ctx.channel().getClass())
                .handler(new ChannelInitializer<Channel>() {
                    @Override
                    protected void initChannel(Channel channel) throws Exception {
                        channel.pipeline()
                                .addLast(SSL_CTX.newHandler(channel.alloc(), REMOTE_HOST, REMOTE_PORT),
                                        new Decoder(), new ServerHandler(inboundChannel), new Encoder(BUFFER_SIZE));
                    }
                })
                .option(ChannelOption.AUTO_READ, false);
        ChannelFuture f = b.connect(REMOTE_HOST, REMOTE_PORT);
        outboundChannel = f.channel();
        f.addListener((ChannelFutureListener) future -> {
            if (future.isSuccess()) {
                // connection complete start to read first data
                inboundChannel.read();
            } else {
                // Close the connection if the connection attempt has failed.
                inboundChannel.close();
            }
        });
    }
But unfortunately the connection is not established, and the error is as follows:
    11:05:55 INFO - [id: 0xb5674d2c, L:/127.0.0.1:4444 ! R:/127.0.0.1:57180] USER_EVENT: SslHandshakeCompletionEvent(java.nio.channels.ClosedChannelException)
    11:05:55 INFO - [id: 0xb5674d2c, L:/127.0.0.1:4444 ! R:/127.0.0.1:57180] USER_EVENT: SslCloseCompletionEvent(java.nio.channels.ClosedChannelException)
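If I remove the protocol SSLv3, everything works fine. What is my mistake? How can I use SSLv3 in netty? Thanks in advance for your answers.

SSLv3 has been broken for four years, and Java versions have been configured by default not to use it for three years. Check jdk.tls.disabledAlgorithms in your JVM's java.security file and edit it if necessary, or override that secprop in code. And make sure you never send any information that is actually important or valuable over an SSLv3 connection.

Also, this is just general advice: never use SSLv3.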
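The check the reply points to, written as an added example (not code from the question or the reply): it prints the effective jdk.tls.disabledAlgorithms value and reports whether the running JVM would negotiate SSLv3, which explains the closed channel during the handshake. It assumes netty is using the JDK's JSSE provider; the class name TlsProtocolAudit is hypothetical.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example; the class name is hypothetical. Assumes the JDK's JSSE provider.
public class TlsProtocolAudit {
    // The protocol requested in the question's .protocols("SSLv3") call.
    private static final String PROTOCOL = "SSLv3";

    /** True if the protocol is listed in the jdk.tls.disabledAlgorithms security property. */
    static boolean disabledByPolicy(String protocol) {
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (prop == null) {
            return false;
        }
        for (String entry : prop.split(",")) {
            if (entry.trim().equalsIgnoreCase(protocol)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Effective value: the java.security file plus any override applied to this JVM.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        System.out.println("supported: " + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled by default: " + Arrays.toString(engine.getEnabledProtocols()));

        // A provider can list a protocol as supported while the security policy
        // still forbids it, so the two answers are reported separately.
        boolean supported = Arrays.asList(engine.getSupportedProtocols()).contains(PROTOCOL);
        boolean blocked = disabledByPolicy(PROTOCOL);
        System.out.println(PROTOCOL + " supported by provider: " + supported);
        System.out.println(PROTOCOL + " disabled by policy:    " + blocked);
        if (blocked || !supported) {
            System.out.println("Result: this JVM will not negotiate " + PROTOCOL + ".");
        } else {
            System.out.println("Result: " + PROTOCOL + " is negotiable here; restore the default policy.");
        }
    }
}
```

Run it with the same JVM and security properties as the netty server so that the reported policy matches what the server actually uses.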