TLS 1.2 issue with Glassfish 3.1.2.2
I am trying to update TLS to 1.2 on a glassfish v3.1.2.2 server, and I have tried for days with no luck.
When I add the configuration below to glassfish
-Djdk.tls.client.protocols=TLSv1.2
or
-Dhttps.protocols=TLSv1.2
I got the following error:
Severe: PWC3989: An exception or error occurred in the container during the request processing
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
at com.sun.jersey.api.client.filter.CsrfProtectionFilter.handle(CsrfProtectionFilter.java:97)
at com.sun.jersey.api.client.Client.handle(Client.java:648)
at com.sun.jersey.api.client.filter.HTTPBasicAuthFilter.handle(HTTPBasicAuthFilter.java:81)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:563)
at org.glassfish.admingui.common.security.AdminConsoleAuthModule.validateRequest(AdminConsoleAuthModule.java:256)
at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1171)
at com.sun.web.security.RealmAdapter.validate(RealmAdapter.java:1452)
at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1330)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:551)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:623)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
at sun.security.ssl.ClientHandshaker.serverHello(ClientHandshaker.java:449)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:203)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:897)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1033)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1139)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler$1$1.getOutputStream(URLConnectionClientHandler.java:225)
at com.sun.jersey.api.client.CommittingOutputStream.commitWrite(CommittingOutputStream.java:117)
at com.sun.jersey.api.client.CommittingOutputStream.write(CommittingOutputStream.java:89)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at java.io.BufferedWriter.flush(BufferedWriter.java:254)
at com.sun.jersey.core.util.ReaderWriter.writeToAsString(ReaderWriter.java:191)
at com.sun.jersey.core.provider.AbstractMessageReaderWriterProvider.writeToAsString(AbstractMessageReaderWriterProvider.java:128)
at com.sun.jersey.core.impl.provider.entity.BaseFormProvider.writeTo(BaseFormProvider.java:109)
at com.sun.jersey.core.impl.provider.entity.FormMultivaluedMapProvider.writeTo(FormMultivaluedMapProvider.java:99)
at com.sun.jersey.core.impl.provider.entity.FormMultivaluedMapProvider.writeTo(FormMultivaluedMapProvider.java:59)
at com.sun.jersey.api.client.RequestWriter.writeRequestEntity(RequestWriter.java:300)
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:204)
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:147)
... 32 more
I have to get the update done, due to the update from the payment gateway company. If this does not work, none of the transactions will go through.
Please help, thank you.
In short:
See details at https://stackoverflow.com/a/49523279
I had a similar issue even while using Java 8. After a bit of debugging, I found that there are some security enhancements done in Java 8 after build 65, which were causing the issue. The server was using TLS v1 while it was disabled on the client side, so I did override the property
Security.setProperty("jdk.tls.disabledAlgorithms","");
I am using Java 8. For this you need to write jre-1.8=${jre-1.7} at the bottom of the osgi.properties file in .\glassfish3\glassfish\config.
Then you need to edit domain.xml in \glassfish3\glassfish\domains\DOMAIN_NAME\config and add tls-enabled="false" tls11-enabled="false" tls12-enabled="true" to the ssl tag in your http-listener.
The following worked for me:
Apply the patch mentioned here by copying grizzly-config.jar (from here) into <GF3_INSTALL>/glassfish/modules/
Add -Dhttps.protocols=TLSv1.2 to the server JVM Options
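The handshake error in the question means the protocol the server selected is not among those the client JVM offers. As an added diagnostic, not code from the question or any of the answers, the following Java class (its name and helper methods are made up for illustration) prints the protocol sets the running JVM would use and whether it would accept a given server choice, defaulting to the TLSv1 named in the stack trace:

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Added diagnostic (not from the original thread): reports which TLS versions this JVM
// offers as a client, so a "Server chose TLSv1" mismatch can be explained.
public class TlsClientProtocolCheck {

    // Splits a comma-separated property value into a trimmed, ordered set.
    static Set<String> csv(String value) {
        Set<String> out = new LinkedHashSet<>();
        if (value == null) return out;
        for (String s : value.split(",")) {
            if (!s.trim().isEmpty()) out.add(s.trim());
        }
        return out;
    }

    // True when the client side would accept the protocol the server selected.
    static boolean clientAccepts(String serverChoice, Set<String> offered, Set<String> disabled) {
        return offered.contains(serverChoice) && !disabled.contains(serverChoice);
    }

    public static void main(String[] args) throws Exception {
        // Protocol named in the handshake error; pass another one as the first argument.
        String serverChoice = args.length > 0 ? args[0] : "TLSv1";

        SSLContext ctx = SSLContext.getDefault();
        Set<String> supported = new LinkedHashSet<>(
                Arrays.asList(ctx.getSupportedSSLParameters().getProtocols()));
        Set<String> enabled = new LinkedHashSet<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getProtocols()));

        // HttpsURLConnection (used by the Jersey client in the stack trace) honours https.protocols.
        Set<String> httpsProtocols = csv(System.getProperty("https.protocols"));
        Set<String> offered = httpsProtocols.isEmpty() ? enabled : httpsProtocols;
        Set<String> disabled = csv(Security.getProperty("jdk.tls.disabledAlgorithms"));

        System.out.println("supported by JVM           : " + supported);
        System.out.println("enabled by default         : " + enabled);
        System.out.println("https.protocols            : " + httpsProtocols);
        System.out.println("jdk.tls.client.protocols   : " + System.getProperty("jdk.tls.client.protocols"));
        System.out.println("jdk.tls.disabledAlgorithms : " + disabled);
        System.out.println("client accepts " + serverChoice + " : " + clientAccepts(serverChoice, offered, disabled));
    }
}
```

Run it with the same -D options as the GlassFish JVM (for example `java -Dhttps.protocols=TLSv1.2 TlsClientProtocolCheck`) to see the client-side view that produced the error.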