Fatal编程技术网
  • java/
  • Java 使用IBMJDK而不使用TLS1.2的Gradle构建

Java 使用IBMJDK而不使用TLS1.2的Gradle构建

java gradle

Java 使用IBMJDK而不使用TLS1.2的Gradle构建,java,gradle,ibm-jdk,Java,Gradle,Ibm Jdk,我们正在调用Jenkins的gradle构建,使用的Java是IBMJava1.8。构建完成后,打包的ear文件应该在Artifactory上发布,这就是它失败的地方,因为它使用的是TLSv1,而Artifactory服务器使用的是TLSv1.2(RECV TLSv1.2警报:致命,协议_版本)。 我们指定了参数,试图强制它使用TLSv1.2,但没有效果 如果我们简单地将Java从IBMJava切换到OpenJDK,那么一切都可以工作,但我们必须使用IBMJDK 以下为日志摘录,如有任何见解,将

我们正在调用Jenkins的gradle构建,使用的Java是IBMJava1.8。构建完成后,打包的ear文件应该在Artifactory上发布,这就是它失败的地方,因为它使用的是TLSv1,而Artifactory服务器使用的是TLSv1.2(RECV TLSv1.2警报:致命,协议_版本)。 我们指定了参数,试图强制它使用TLSv1.2,但没有效果

如果我们简单地将Java从IBMJava切换到OpenJDK,那么一切都可以工作,但我们必须使用IBMJDK

以下为日志摘录,如有任何见解,将不胜感激

16:37:27  BUILD_ID=52
16:37:27  JAVA_TOOL_OPTIONS=-Duser.home=/home/jenkins -Dhttps.protocols=TLSv1.2 -Dcom.ibm.jsse2.overrideDefaultTLS=true -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12 -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.debug=all -Djavax.net.debug=all  -Dcom.ibm.jsse2.disablesslv3=false -Djdk.tls.client.protocols=TLSv1.2 -Dhttps.protocols=TLSv1.2 -Djdk.tls.disabledAlgorithms=SSLv3,TLSv1,TLSv1.1

16:39:49  jdk.tls.client.protocols is defined as TLSv1.2
16:39:49  SSLv3 protocol was requested but was not enabled
16:39:49  SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
16:39:49  SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
16:39:49  CLIENT_DEFAULT: [TLSv1.2]
16:39:49  IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
16:39:49  IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
16:39:49  IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
16:39:49  IBMJSSE2 will allow client initiated renegotiation per jdk.tls.rejectClientInitiatedRenegotiation set to FALSE or default
16:39:49  IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default
16:39:49  
16:39:49  Is initial handshake: true
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
16:39:49  %% No cached client session
16:39:49  *** ClientHello, TLSv1
16:39:49  RandomCookie:  GMT: 1595384853 bytes = { 107, 178, 131, 155, 114, 248, 46, 134, 176, 84, 230, 191, 243, 124, 238, 63, 233, 106, 234, 197, 151, 26, 164, 199, 46, 116, 65, 30 }
16:39:49  Session ID:  {}
16:39:49  Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA]
16:39:49  Compression Methods:  { 0 }
16:39:49  Extension elliptic_curves, curve names: {secp256r1, secp192r1, secp224r1, secp384r1, secp521r1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp256k1}
16:39:49  Extension ec_point_formats, formats: [uncompressed]
16:39:49  Extension server_name, server_name: [type=host_name (0), value=artifactory..xxx.xxx]
16:39:49  ***
16:39:49  [write] MD5 and SHA1 hashes:  len = 123

16:39:49  [Raw read]: length = 2
16:39:49  0000: 02 46                                              .F
16:39:49  
16:39:49  pool-1-thread-1, READ: TLSv1 Alert, length = 2
16:39:49  pool-1-thread-1, RECV TLSv1.2 ALERT:  fatal, protocol_version
**16:39:49  pool-1-thread-1, called closeSocket()
16:39:49  pool-1-thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version
16:39:49  Error occurred for request GET /artifactory/api/system/version HTTP/1.1: Received fatal alert: protocol_version.**```
尝试更新gradle.properties,使其具有:

systemProp.com.ibm.jsse2.overrideDefaultTLS=true

我们已经尝试过了。由于使用docker,该参数似乎不起作用。添加该参数后,是否运行了。/gradlew--stop以停止任何正在运行的守护进程?