Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/330.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
使用Java与WebSphere的SSL握手错误_Java_Ssl_Https_Websphere - Fatal编程技术网
Fatal编程技术网
  • java/
  • 使用Java与WebSphere的SSL握手错误

使用Java与WebSphere的SSL握手错误

java ssl https websphere

使用Java与WebSphere的SSL握手错误,java,ssl,https,websphere,Java,Ssl,Https,Websphere,将Java HTTP客户端代码与WebSphere服务器URL连接时遇到错误。测试抛出SSL握手错误消息: 代码部署使用Java7和Java8进行了测试: java -Djavax.net.ssl.keyStore=mykey.jks -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.debug=ssl,handshake postHTTPWAS 日志文件: .. jdk.tls.client.protocols is defined as TL

将Java HTTP客户端代码与WebSphere服务器URL连接时遇到错误。测试抛出SSL握手错误消息:

代码部署使用Java7和Java8进行了测试:

java -Djavax.net.ssl.keyStore=mykey.jks  -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.debug=ssl,handshake postHTTPWAS
日志文件:

.. 
jdk.tls.client.protocols is defined as TLSv1.2
SSLv3 protocol was requested but was not enabled
.. Extension server_name, server_name: [type=host_name (0), value=myhost.domain.com]
***
main, WRITE: TLSv1 Handshake, length = 155
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
JRE的java.security设置配置如下:

...
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3
jdk.certpath.disabledAlgorithms=SSLv3
com.ibm.jsse2.disableSSLv3=true

。。。
jdk.jar.disabledAlgorithms=MD2,RSA密钥大小<1024
jdk.tls.disabledAlgorithms=SSLv3
jdk.certpath.disabledAlgorithms=SSLv3
com.ibm.jsse2.disableSSLv3=true
问题:

1) 为什么SSL跟踪显示对SSLv3的引用,SSLv3是一种在客户端安全设置中被逻辑禁用的协议

2) SSLHandshakeException的根错误是什么

3) 是否可以将TLSv1.2启用为所有HTTPS客户端连接的默认选项,以及设置它的正确系统属性?

我已经隔离了错误

较新版本的WAS应用程序服务器(完整版)预期客户端将连接到TLSv1.2。对于手动Java JRE调用,请使用参数-Dhttps.protocols=TLSv1.2,如下所示:

/opt/java8/ibm-java-x86_64-80/bin/javac SSLTest.java && /opt/java8/ibm-java-x86_64-80/jre/bin/java -Dhttps.protocols=TLSv1.2  SSLTest
对于ApacheHTTPS客户端(>V.4.5.2),我添加了几个附加部分,以使HTTPS与TLSv1.2连接。两个连接现在都正常工作

// for TLSv1.2 add: 
import org.apache.http.config.Registry; 
import org.apache.http.config.RegistryBuilder; 
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import javax.net.ssl.SSLContext;
import java.security.NoSuchAlgorithmException;
import java.security.KeyManagementException; 
import org.apache.http.ssl.SSLContexts;  

    //Set the https use TLSv1.2
    private static Registry<ConnectionSocketFactory> getRegistry() throws KeyManagementException, NoSuchAlgorithmException {
        SSLContext sslContext = SSLContexts.custom().build();
        SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext,
                new String[]{"TLSv1.2"}, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        return RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.getSocketFactory())
            .register("https", sslConnectionSocketFactory)
            .build();
    }

   // for TLSv1.2 use:  
   PoolingHttpClientConnectionManager clientConnectionManager = new PoolingHttpClientConnectionManager(getRegistry());
   clientConnectionManager.setMaxTotal(100);
   clientConnectionManager.setDefaultMaxPerRoute(20);
   HttpClient client = HttpClients.custom().setConnectionManager(clientConnectionManager).build();

//对于TLSv1.2添加:
导入org.apache.http.config.Registry;
导入org.apache.http.config.RegistryBuilder;
导入org.apache.http.conn.ssl.SSLConnectionSocketFactory;
导入org.apache.http.conn.socket.PlainConnectionSocketFactory;
导入org.apache.http.conn.socket.ConnectionSocketFactory;
导入org.apache.http.impl.conn.poolighttpclientconnectionmanager;
导入javax.net.ssl.SSLContext;
导入java.security.NoSuchAlgorithmException;
导入java.security.KeyManagementException;
导入org.apache.http.ssl.SSLContexts;
//使用TLSv1.2设置https
私有静态注册表getRegistry()引发KeyManagementException,NoSuchAlgorithmException{
SSLContext SSLContext=SSLContexts.custom().build();
SSLConnectionSocketFactory SSLConnectionSocketFactory=新的SSLConnectionSocketFactory(sslContext,
新字符串[]{“TLSv1.2”},null,SSLConnectionSocketFactory.getDefaultHostnameVerifier());
返回RegistryBuilder.create()
.register(“http”,PlainConnectionSocketFactory.getSocketFactory())
.register(“https”,sslConnectionSocketFactory)
.build();
}
//对于TLSv1.2,请使用:
PoolighttpClientConnectionManager客户端连接管理器=新的PoolighttpClientConnectionManager(getRegistry());
客户端连接管理器setMaxTotal(100);
客户端连接管理器setDefaultMaxPerRoute(20);
HttpClient client=HttpClients.custom().setConnectionManager(clientConnectionManager.build();
您使用的是什么版本的WebSphere,服务器上启用了什么SSL/TLS协议?您只需要服务器支持TLSv1.2,以确保客户机/服务器通信始终在TLSv1.2上。安装的WebSphere版本为8.5.5.10。使用IBM Java 6、7和8 JRE以及几个TLS设置(不包括易受攻击的SSLv3)测试客户端。