"无法使用 Bouncy Castle Fips Provider 连接到 sqlserver,用于在 FIPS mod 中运行 JSSE"
[英]Can not connect to sqlserver with Bouncy Castle Fips Provider using to run the JSSE in FIPS mod
问题描述
I am in Java 8 v102, using sqljdbc42.jar and jtds-1.3.1.jar to connect to SQL Server 2008 in FIPS mode.
我在 Java 8 v102 中,使用 sqljdbc42.jar 和 jtds-1.3.1.jar 以 FIPS 模式连接到 SQL Server 2008。 I configured my Java with https:\/\/www.bouncycastle.org\/fips\/BCUserGuide.pdf<\/a> , but I am getting the below error.我使用https:\/\/www.bouncycastle.org\/fips\/BCUserGuide.pdf<\/a>配置了我的 Java,但出现以下错误。 How can I resolve this?我该如何解决这个问题?
1 个解决方案
解决方案1
0 2022-02-05 16:14:59
FIPS Mode doesn't allow TrustManager/KeyManager implementation from third-party sources, only SunJSSE KeyManager/TrustManager are supported which are instance of X509TrustManagerImpl/X509KeyManagerImpl . FIPS 模式不允许第三方来源的 TrustManager/KeyManager 实施,仅支持 SunJSSE KeyManager/TrustManager,它们是X509TrustManagerImpl/X509KeyManagerImpl的实例。
I overcame this in postgres jdbc where it allowed me to pass custom sslFactory so I passed org.postgresql.ssl.DefaultJavaSSLFactory which in turn will prevent postgres to send it's own KeyManager implementation and will delegate the process to Java to provide with right KeyManager instance.我在 postgres jdbc 中克服了这个问题,它允许我通过自定义 sslFactory 所以我通过了org.postgresql.ssl.DefaultJavaSSLFactory这反过来会阻止 postgres 发送它自己的 KeyManager 实现并将该过程委托给 Java 以提供正确的 KeyManager 实例。
In other jdbc drivers, you may need to find same configuration to overcome this.在其他 jdbc 驱动程序中,您可能需要找到相同的配置来克服这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.