无法将Netapp（8.1.4P1 7-模式）与jdk1.8.0_181连接

Question

We have below security configuration at storage side (8.1.4P1 7-Mode)

Configurations

tls.enable on
ssl.enable on
ssl.v2.enable off
ssl.v3.enable off

We tried to access storage using NetApp Manageability SDK 5.7 and it is working fine with jdk1.8.0_161.

We upgrade JDK to jdk1.8.0_181 and then we are not able to access it, Its throwing Exception

`2018-08-03 05:06:27,071 [Thread-1469] app-ERROR-javax.net.ssl.SSLException: Connection has been shutdown: `javax.net.ssl.SSLHandshakeException`: Received fatal alert: handshake_failure at` `sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1551)`

    at sun.security.ssl.AppInputStream.read(AppInputStream.java:95)

    at sun.security.ssl.AppInputStream.read(AppInputStream.java:71)

    at netapp.manage.http.HTTPMessage.readLine(HTTPMessage.java:245)

    at netapp.manage.http.HTTPResponse.read(HTTPResponse.java:74)

    at netapp.manage.http.HTTPClient.doRequest(HTTPClient.java:772)

    at netapp.manage.NaServer.invokeHTTP(NaServer.java:955)

As per release notes of jdk "jdk1.8.0_181", JDK 181 disabled "3DES cipher suites".

Is there any way to fix it from NetApp side ?

Answer 1

While not an answer to the direct question of how to solve this from the NetApp side, the problem can be overcome on the application side by removing "3DES_EDE_CBC" from the jdk.tls.disabledAlgorithms security property at runtime. Something like:

final String JDK_TLS_DISABLED_ALGORITHMS = "jdk.tls.disabledAlgorithms";
final String TRIPLE_DES_EDE_CBC = "3DES_EDE_CBC";
final String disabledAlgorithms = Splitter.on(',').trimResults()
        .splitToList(Security.getProperty(JDK_TLS_DISABLED_ALGORITHMS)).stream()
        .filter(algo -> !algo.equals(TRIPLE_DES_EDE_CBC)).collect(joining(", "));
Security.setProperty(JDK_TLS_DISABLED_ALGORITHMS, disabledAlgorithms);