[英]Java 8 , JCE Unlimited Strength Policy and SSL Handshake over TLS
对于仅支持TLSv1 Java 8服务器,它无法从分支OS进行安全套接字连接
版
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
资源
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
/**
* Created by jigar.joshi on 6/10/15.
*/
public class SSLTester {
public static void main(String[] args) throws Exception {
SSLSocketFactory f =
(SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) f.createSocket("efm.sandbox.vovici.com", 443 );
try {
printSocketInfo(socket);
socket.startHandshake();
System.out.println("----------------------------------SUCCESS----------------------------------");
BufferedReader r = new BufferedReader(
new InputStreamReader(socket.getInputStream()));
String m = null;
while ((m = r.readLine()) != null) {
System.out.println(m);
}
r.close();
socket.close();
} catch (IOException e) {
e.printStackTrace();
System.err.println(e.toString());
}
}
private static void printSocketInfo(SSLSocket s) {
System.out.println("Socket class: " + s.getClass());
System.out.println(" Remote address = "
+ s.getInetAddress().toString());
System.out.println(" Remote port = " + s.getPort());
System.out.println(" Local socket address = "
+ s.getLocalSocketAddress().toString());
System.out.println(" Local address = "
+ s.getLocalAddress().toString());
System.out.println(" Local port = " + s.getLocalPort());
System.out.println(" Need client authentication = "
+ s.getNeedClientAuth());
SSLSession ss = s.getSession();
System.out.println(" Cipher suite = " + ss.getCipherSuite());
System.out.println(" Protocol = " + ss.getProtocol());
}
}
使用相同版本的JVM,它在OSX上成功握手,在TLSv1.2上失败,失败的原因是它只尝试使用TLSv1.2 (JVM 8中的默认值)并且不尝试使用较低的协议
调试说明:
-Ddeployment.security.TLSv1.0=true
-Ddeployment.security.TLSv1=true
-Ddeployment.security.TLSv1.1=false
-Ddeployment.security.TLSv1.2=false
-Djavax.net.debug=ssl:handshake:verbose
题:
为什么它能够在OSX上而不是在CentOS上选择TLSv1 ?
如何告诉JVM按特定顺序使用协议,或者如果它按版本考虑顺序,那么我怎么能告诉它也尝试使用v1
编辑:
我有无限强度JCE策略与JRE一起安装,导致这种情况,它没有这个,所以OSX和CentOS差异消失了,我怎么能让它工作?
编辑:
产量
Socket class: class sun.security.ssl.SSLSocketImpl
Remote address = efm.sandbox.vovici.com/206.132.29.15
Remote port = 443
Local socket address = /10.10.152.143:50376
Local address = /10.10.152.143
Local port = 50376
Need client authentication = false
Cipher suite = SSL_NULL_WITH_NULL_NULL
Protocol = NONE
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1529)
at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1541)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
at SSLTester.main(SSLTester.java:24)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:980)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
at sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:2225)
at SSLTester.printSocketInfo(SSLTester.java:56)
at SSLTester.main(SSLTester.java:23)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:961)
... 5 more
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
尝试使用以下方法将协议限制为TLSv1 :
-Djdk.tls.client.protocols=TLSv1
有关更多详细信息,请参阅此页面: https : //docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#descPhase2
希望这可以帮助,
尤里
Java错误:请安装JCE无限强度管辖权策略文件
[英]Java Error: please install JCE Unlimited Strength Jurisdiction Policy files
java.security.InvalidKeyException:虽然Android Studio上安装了JCE Unlimited Strength Jurisdiction Policy,但密钥大小非常大
[英]java.security.InvalidKeyException: Illegal key size although JCE Unlimited Strength Jurisdiction Policy is installed on Android Studio
我将如何将 Java 加密扩展 (JCE) 无限强度管辖策略导入 build.gradle
[英]how would i import Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy into build.gradle
尽管安装了JCE无限强度管辖权策略文件,但Java“密钥大小非法”
[英]Java “Illegal key size” despite having installed JCE Unlimited Strength Jurisdiction Policy Files
非法密钥大小:可能需要为JRE安装Java Cryptography Extension(JCE)Unlimited Strength Jurisdiction Policy Files
[英]Illegal key size: possibly you need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JRE
Java密码术扩展(JCE)无限强度仍然给出异常
[英]Java Cryptography Extension (JCE) Unlimited Strength still gives exception
Bluemix-Java应用程序-如何为无限的JCE强度打补丁?
[英]Bluemix - Java Application - How to patch for Unlimited JCE Strength?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.