
TLS 1.2 issue with Glassfish 3.1.2.2

I am trying to update TLS to 1.2 on a Glassfish v3.1.2.2 server, and I have tried for days with no luck.
When I put the configuration below into Glassfish

-Djdk.tls.client.protocols=TLSv1.2
or
 -Dhttps.protocols=TLSv1.2

I got the following error:

Severe: PWC3989: An exception or error occurred in the container during the request processing
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
    at com.sun.jersey.api.client.filter.CsrfProtectionFilter.handle(CsrfProtectionFilter.java:97)
    at com.sun.jersey.api.client.Client.handle(Client.java:648)
    at com.sun.jersey.api.client.filter.HTTPBasicAuthFilter.handle(HTTPBasicAuthFilter.java:81)
    at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
    at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
    at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:563)
    at org.glassfish.admingui.common.security.AdminConsoleAuthModule.validateRequest(AdminConsoleAuthModule.java:256)
    at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1171)
    at com.sun.web.security.RealmAdapter.validate(RealmAdapter.java:1452)
    at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1330)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:551)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:623)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
    at com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
    at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)
    at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)
    at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)
    at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)
    at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
    at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
    at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
    at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
    at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
    at sun.security.ssl.ClientHandshaker.serverHello(ClientHandshaker.java:449)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:203)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:897)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1033)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1139)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler$1$1.getOutputStream(URLConnectionClientHandler.java:225)
    at com.sun.jersey.api.client.CommittingOutputStream.commitWrite(CommittingOutputStream.java:117)
    at com.sun.jersey.api.client.CommittingOutputStream.write(CommittingOutputStream.java:89)
    at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
    at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
    at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
    at java.io.BufferedWriter.flush(BufferedWriter.java:254)
    at com.sun.jersey.core.util.ReaderWriter.writeToAsString(ReaderWriter.java:191)
    at com.sun.jersey.core.provider.AbstractMessageReaderWriterProvider.writeToAsString(AbstractMessageReaderWriterProvider.java:128)
    at com.sun.jersey.core.impl.provider.entity.BaseFormProvider.writeTo(BaseFormProvider.java:109)
    at com.sun.jersey.core.impl.provider.entity.FormMultivaluedMapProvider.writeTo(FormMultivaluedMapProvider.java:99)
    at com.sun.jersey.core.impl.provider.entity.FormMultivaluedMapProvider.writeTo(FormMultivaluedMapProvider.java:59)
    at com.sun.jersey.api.client.RequestWriter.writeRequestEntity(RequestWriter.java:300)
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:204)
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:147)
    ... 32 more

I have to get the update done, due to the update from the payment gateway company. If this does not work, none of the transactions will go through. Please help, thank you.

In short:

  • this needs Java 8 or Java 7 v1.7.0_131-b31 (which enable TLS v1.2 by default on client sockets)
    OR at least Java 7u95 (on which TLS v1.2 should be enabled on client sockets)
  • Then set up Glassfish to use TLS v1.2

See details at https://stackoverflow.com/a/49523279

I had a similar issue even while using Java 8. After a bit of debugging, I found that some security enhancements made in Java 8 after build 65 were causing the issue. The server was using TLS v1 while it was disabled on the client side, so I overrode the property:

  Security.setProperty("jdk.tls.disabledAlgorithms","");

I am using Java 8. For this, you need to write jre-1.8 = ${jre-1.7} at the bottom of the osgi.properties file in .\glassfish3\glassfish\config.

Then you need to edit domain.xml in \glassfish3\glassfish\domains\DOMAIN_NAME\config and add tls-enabled="false" tls11-enabled="false" tls12-enabled="true" to the ssl tag in your http-listener.

Details about editing domain.xml
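
As an added example (not part of the answer above and not GlassFish's own tooling), the following Python script audits a domain.xml for the three ssl attributes that answer names. The XML fragment is a constructed sample, and treating an unset attribute as a finding is this example's assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real server: protocol entries in the
# shape of a GlassFish domain.xml <network-config> section.
SAMPLE_DOMAIN_XML = """
<domain>
  <configs><config name="server-config"><network-config><protocols>
    <protocol name="http-listener-1"><http default-virtual-server="server"/></protocol>
    <protocol name="http-listener-2" security-enabled="true">
      <ssl cert-nickname="s1as" tls-enabled="false" tls11-enabled="false" tls12-enabled="true"/>
    </protocol>
    <protocol name="admin-listener" security-enabled="true">
      <ssl cert-nickname="s1as" ssl3-enabled="false"/>
    </protocol>
  </protocols></network-config></config></configs>
</domain>
"""

# Attribute names and target values as given in the answer above.
WANTED = {"tls-enabled": "false", "tls11-enabled": "false", "tls12-enabled": "true"}


def audit_ssl_elements(domain_xml: str) -> dict:
    """Map each protocol that has an <ssl> child to a list of findings."""
    root = ET.fromstring(domain_xml)
    report = {}
    for protocol in root.iter("protocol"):
        ssl = protocol.find("ssl")
        if ssl is None:
            continue  # plain HTTP listener, nothing to check
        findings = []
        for attr, wanted in WANTED.items():
            actual = ssl.get(attr)
            if actual is None:
                # Unset means the server default applies; report it rather than guess.
                findings.append(f"{attr} not set (want {wanted})")
            elif actual.strip().lower() != wanted:
                findings.append(f"{attr}={actual} (want {wanted})")
        report[protocol.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_ssl_elements(SAMPLE_DOMAIN_XML).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

To check a real installation, pass the contents of the domain's domain.xml to `audit_ssl_elements` instead of the sample string.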

The following worked for me:

  • upgraded to Java 8u341
  • applied the patch mentioned here by copying the patched grizzly-config.jar (from here) into <GF3_INSTALL>/glassfish/modules/
  • added -Dhttps.protocols=TLSv1.2 to the server JVM Options
  • restarted the server
