Java 7和TLSv1.2套接字
我正在尝试使用加密连接到web服务器。web服务器仅允许使用协议TLSv1.2进行连接 我已从中修改了此代码段 但是如果我尝试使用JRE1.7.0_75和Java 7和TLSv1.2套接字,java,ssl,encryption,prtg,Java,Ssl,Encryption,Prtg,我正在尝试使用加密连接到web服务器。web服务器仅允许使用协议TLSv1.2进行连接 我已从中修改了此代码段 但是如果我尝试使用JRE1.7.0_75和-Djavax.net.debug=all,我会得到以下结果 Enabled Protocols: TLSv1, Supported Protocols: SSLv2Hello, Set Protocols: TLSv1.2, keyStore is : keyStore type is : jks keyStore provider is
-Djavax.net.debug=allEnabled Protocols:
TLSv1,
Supported Protocols:
SSLv2Hello,
Set Protocols:
TLSv1.2,
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jdk1.7.0_75\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
...SKIPPING CERTIFICATE INIT...
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Enabled Protocols:
TLSv1,
Supported Protocols:
SSLv2Hello,
Set Protocols:
TLSv1.2,
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1406651565 bytes = { 85, 112, 165, 115, 135, 15, 171, 1, 167, 182, 47, 68, 233, 53, 164, 111, 112, 244, 51, 252, 240, 40, 178, 238, 204, 215, 13, 137 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
***
[write] MD5 and SHA1 hashes: len = 179
0000: 01 00 00 AF 03 03 54 D8 CD AD 55 70 A5 73 87 0F ......T...Up.s..
0010: AB 01 A7 B6 2F 44 E9 35 A4 6F 70 F4 33 FC F0 28 ..../D.5.op.3..(
0020: B2 EE CC D7 0D 89 00 00 2A C0 09 C0 13 00 2F C0 ........*...../.
0030: 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 ....3.2.........
0040: 0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 ................
0050: 04 00 FF 01 00 00 5C 00 0A 00 34 00 32 00 17 00 ......\...4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................
0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
0090: 0B 00 02 01 00 00 0D 00 1A 00 18 06 03 06 01 05 ................
00A0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................
00B0: 02 01 01 ...
main, WRITE: TLSv1.2 Handshake, length = 179
[Raw write]: length = 184
0000: 16 03 03 00 B3 01 00 00 AF 03 03 54 D8 CD AD 55 ...........T...U
0010: 70 A5 73 87 0F AB 01 A7 B6 2F 44 E9 35 A4 6F 70 p.s....../D.5.op
0020: F4 33 FC F0 28 B2 EE CC D7 0D 89 00 00 2A C0 09 .3..(........*..
0030: C0 13 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 .../.....3.2....
0040: 00 0A C0 03 C0 0D 00 16 00 13 C0 07 C0 11 00 05 ................
0050: C0 02 C0 0C 00 04 00 FF 01 00 00 5C 00 0A 00 34 ...........\...4
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................
0090: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18 ................
00A0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ................
00B0: 02 03 02 01 02 02 01 01 ........
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at SSLSocketClient.main(SSLSocketClient.java:96)
jdk7应该支持TLSv1.2,但我在支持的协议输出中没有看到它。最后,我发现了问题:当设置为SSL安全模式时,我尝试连接的PRTG服务器:高安全性似乎只接受使用TLSv1.2和密码的安全连接,这仅在Java8上可用 @Petesh感谢您对高安全模式设置的PRTG支持
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS\u ECDHE\u RSA\u和\u AES\u 256\u CBC\u SHAlocal_policy.jarUS_export_policy.jar-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
传入
-Ddeployment.security.TLSv1.1=true-Ddeployment.security.TLSv1.2=trueC:\Program Files\java\jdk1.7.0\u 75\bin\java-Ddeployment.security.TLSv1.1=true-Ddeployment.security.TLSv1.2=true SSLSocketClient启用的协议:TLSv1,支持的协议:SSLv2Hello,设置协议:TLSv1.2,javax.net.ssl.SSLHandshakeException:收到致命警报:握手失败-Dhttps.protocols=TLSv1、TLSv1.1、TLSv1.2警报:TLSv1.2-Dhttps.protocols=TLSv1、TLSv1.1、TLSv1.2no cipher suites in commonTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2