Handshake error when a Tomcat Grails front-end application talks to an API upgraded to TLS 1.1

The API server previously supported TLS 1.0 and everything worked fine. After it stopped supporting 1.0, these errors started appearing -

 Remote host closed connection during handshake
[08:50:16.593] [] ERROR UserProfileService         :200  - wslite.rest.RESTClientException: Remote host closed connection during handshake
[08:50:16.593] [] ERROR UserProfileService         :200  - null
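In our local setup, we run the Grails application directly from Eclipse via the run-app command. To fix the TLS issue here, we added the jvmArgs config to the application config file BuildConfig.groovy, and it works -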

grails.project.fork = [
    // configure settings for the run-app JVM
    run: [maxMemory: 768, minMemory: 64, debug: false, maxPerm: 256, forkReserve:false,jvmArgs: ['-Dhttps.protocols=TLSv1.1']],
]
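On the sandbox server, we run the application by deploying the war file on a Tomcat server. We tried adding the same config change to the war property in the config file, but it did not work -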

grails.project.fork = [
    // configure settings for the run-war JVM
    war: [maxMemory: 768, minMemory: 64, debug: false, maxPerm: 256, forkReserve:false,jvmArgs: ['-Dhttps.protocols=TLSv1.1']],
]
Then we also added the same setting to the Tomcat config, but still no luck. Below is the catalina log, showing that Tomcat is using the updated TLS config -

INFO: CATALINA_HOME:         /opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.config.file=/opt/tomcat7-cpp2/conf/logging.properties
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dhttps.protocol=TLSv1.1,TLSv1.2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.endorsed.dirs=/opt/tomcat7-cpp2/endorsed
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.base=/opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.home=/opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.io.tmpdir=/opt/tomcat7-cpp2/temp
May 31, 2018 8:49:18 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
However, we are unable to confirm whether the application is reading the updated TLS config defined against the war property.


Any help or pointers would be greatly appreciated.

It looks like there is a typo in your Tomcat configuration: you specified -Dhttps.protocol=TLSv1.1,TLSv1.2. The correct system variable is https.protocols (with an s).

What version of the JVM is your server running? I assume you have checked that it supports TLS 1.2?

@Robert Yes, we have Java 1.7, which supports TLS 1.1 and 1.2.
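
One way to confirm what the question could not, namely which TLS settings the JVM actually picked up, is a small diagnostic run with the same Java binary and the same -D options as the Tomcat process. This is an added example, not code from the original thread; the class name TlsClientCheck and the helper requestedProtocols are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added diagnostic (not from the original post). Java 7 compatible.
public class TlsClientCheck {

    // Protocols named in https.protocols that this JVM also supports.
    // An empty list means the property is unset, so JVM defaults apply.
    static List<String> requestedProtocols(String property, String[] supported) {
        List<String> result = new ArrayList<String>();
        if (property == null || property.trim().isEmpty()) {
            return result;
        }
        List<String> known = Arrays.asList(supported);
        for (String p : property.split(",")) {
            String name = p.trim();
            if (known.contains(name)) {
                result.add(name);
            } else if (!name.isEmpty()) {
                System.out.println("WARNING: protocol not supported by this JVM: " + name);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        String[] defaults = ctx.getDefaultSSLParameters().getProtocols();

        System.out.println("java.version       = " + System.getProperty("java.version"));
        System.out.println("supported by JVM   = " + Arrays.toString(supported));
        System.out.println("enabled by default = " + Arrays.toString(defaults));

        // HttpsURLConnection reads https.protocols (plural).
        String plural = System.getProperty("https.protocols");
        System.out.println("https.protocols    = " + plural);

        // The singular spelling seen in the catalina log is not a JDK property.
        String singular = System.getProperty("https.protocol");
        if (singular != null) {
            System.out.println("WARNING: https.protocol=" + singular
                    + " is set but ignored; use https.protocols");
        }

        List<String> requested = requestedProtocols(plural, supported);
        System.out.println("protocols for HttpsURLConnection: "
                + (requested.isEmpty() ? Arrays.toString(defaults) : requested.toString()));
    }
}
```

Run with -Dhttps.protocol=TLSv1.1,TLSv1.2 it prints the warning and falls back to the JVM defaults; run with -Dhttps.protocols=TLSv1.1,TLSv1.2 it lists both versions.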