Java Spring Boot应用程序可以';t通过TLSv1.2连接到RabbitMQ服务器
应用程序使用Spring Boot 1.5.20。收到请求后,它需要连接到RabbitMQ,以便将消息放置在另一个应用程序的队列上 RabbitMQ版本:3.8.3Java Spring Boot应用程序可以';t通过TLSv1.2连接到RabbitMQ服务器,java,spring-boot,rabbitmq,tls1.2,spring-amqp,Java,Spring Boot,Rabbitmq,Tls1.2,Spring Amqp,应用程序使用Spring Boot 1.5.20。收到请求后,它需要连接到RabbitMQ,以便将消息放置在另一个应用程序的队列上 RabbitMQ版本:3.8.3 Erlang版本:Erlang/OTP 22[erts-10.7.1][source][64位][smp:3:3][ds:3:3:10][async threads:64][hipe] 正在使用的RabbitMQ端口: 接口:[::],端口:5671,协议:amqp/ssl,用途:TLS上的amqp 0-9-1和amqp 1.0 R
Erlang版本:Erlang/OTP 22[erts-10.7.1][source][64位][smp:3:3][ds:3:3:10][async threads:64][hipe] 正在使用的RabbitMQ端口:
接口:[::],端口:5671,协议:amqp/ssl,用途:TLS上的amqp 0-9-1和amqp 1.0 RabbitMQ SSL配置:
$ sudo cat /etc/rabbitmq/rabbitmq.conf
listeners.tcp.default = 5672
listeners.ssl.default = 5671
ssl_options.cacertfile = /usr/local/dw/keystore/digicert-CA.cer
ssl_options.certfile = /usr/local/dw/keystore/xxx-cert.crt
ssl_options.keyfile = /usr/local/dw/keystore/xxx-key.pem
ssl_options.password = xxx
ssl_options.verify = verify_none
ssl_options.versions.1 = tlsv1.2
ssl_options.fail_if_no_peer_cert = false
$ java --Djdk.tls.client.protocols=TLSv1.2 SSLPoke <server> 5671
Successfully connected
$ java -Djdk.tls.client.protocols=TLSv1.1 SSLPoke <server> 5671
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:509)
java -Xms512m -Xmx512m -Djdk.tls.disabledAlgorithms=TLSv1.1 -Djavax.net.debug=all -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 -jar <path>/<filename>.jar
任何想法都很感激 我相对有信心,今年春季的AMQP问题是罪魁祸首:
应用程序似乎需要为SSL算法提供一个配置,以便不使用默认值。我相对确信,这个Spring AMQP问题是罪魁祸首:
应用程序似乎需要为SSL算法提供配置,以便不使用默认值。我对旧版本的java
amqp客户端amqp客户端的旧版本中遇到了同样的问题,该版本硬编码了默认协议。JRE不再支持该协议。
java -Xms512m -Xmx512m -Djdk.tls.disabledAlgorithms=TLSv1.1 -Djavax.net.debug=all -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 -jar <path>/<filename>.jar
2020-08-07 11:02:22,764 INFO [472-exec-8] o.s.a.r.c.CachingConnectionFactory : Attempting to connect to: xxx.xxx.com:5671
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
https-jsse-nio-7472-exec-8, setSoTimeout(10000) called
Ignoring disabled protocol: TLSv1.1
https-jsse-nio-7472-exec-8, handling exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled
or cipher suites are inappropriate)
https-jsse-nio-7472-exec-8, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
https-jsse-nio-7472-exec-8, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28 ......(
https-jsse-nio-7472-exec-8, called closeSocket()
https-jsse-nio-7472-exec-8, called close()
https-jsse-nio-7472-exec-8, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)
2020-08-07 11:02:22,824 ERROR [472-exec-8] o.a.c.c.C.[.[.[.[dispatcherServlet] : Servlet.service() for servlet [dispatcherSer
vlet] in context with path [/xxx] threw exception [Request processing failed; nested exception is org.springframework.
amqp.AmqpIOException: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inap
propriate)] with root cause
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:509)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1474)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1346)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)