堆棧內存溢出
  簡體   English   中英

SSL 握手異常:“算法約束檢查失敗:MD5withRSA”

[英]SSL handshake exception: “Algorithm constraints check failed: MD5withRSA”

 原文  2014-01-19 14:48:32       java/ ssl

問題描述

我嘗試安裝 Oracle Entitlements Server Client。 當我打電話

config.cmd -smConfigId Sample-SM -prpFileName C:\oracle\product\11.1.2\as_1\oessm\SMConfigTool\smconfig.java.controlled.prp

我得到了這個例外:

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
        at java.io.OutputStream.write(OutputStream.java:75)
        at oracle.security.oes.enroll.EnrollmentClient.writeToSocket(EnrollmentClient.java:330)
        at oracle.security.oes.enroll.EnrollmentClient.enroll(EnrollmentClient.java:161)
        at oracle.security.oes.enroll.EnrollmentClient.main(EnrollmentClient.java:478)
        at oracle.security.oes.tools.EnrollmentTool.doEnroll(EnrollmentTool.java:103)
        at oracle.security.oes.tools.SMConfigTool.doEnrollment(SMConfigTool.java:1192)
        at oracle.security.oes.tools.SMConfigTool.run(SMConfigTool.java:617)
        at oracle.security.oes.tools.SMConfigTool.main(SMConfigTool.java:546)
    Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA
        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
        ... 15 more
    Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
        at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
        ... 21 more
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA

你能幫我找個理由嗎?

2 個解決方案

解決方案1
 45  2016-01-20 09:31:15

該問題是由 Oracle 禁用不再被認為是安全的哈希算法引起的。 看一眼

JRE_HOME/lib/security/java.security

它包含以下屬性:

jdk.certpath.disabledAlgorithms
jdk.tls.disabledAlgorithms

您可以適當調整它們。 例如,從前者中刪除MD5 ,從后者中刪除MD5withRSA

docker 鏡像提示:

在一些/etc/crypto-policies/back-ends/java.config中還有額外的配置文件/etc/crypto-policies/back-ends/java.config ,比如在我的例子中, keycloak覆蓋了java.security

解決方案2
 4 已采納  2016-05-24 06:01:36

keyser在評論中給出了答案的方向。

問題在於密鑰的長度。 簡而言之: “從 7u40 開始,使用長度小於 1024 位的 RSA 密鑰的 x.509 證書受到限制。”

所以解決這個問題的正確方法是使用密鑰長度至少為 2048 位的證書。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 簽名算法的算法約束檢查失敗:MD5withRSA java CertPathValidatorException:簽名算法:MD2withRSA的算法約束檢查失敗 如何在 Java 中的字符串上應用 MD5withRSA java.security.NoSuchAlgorithmException:未找到簽名MD5WITHRSA實現 Android SSL握手異常 帶有SSL的RMI:握手失敗 SSL握手異常 簽名算法的算法約束檢查失敗:SHA256WithRSAEncryption 簽名算法 SHA256withRSA 在 Java 中失敗 SSL 握手失敗 Android 5.1
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM