由於 SSL 握手錯誤，stopSever.sh 在創建 SOAP 連接器時失敗

Question

我正在嘗試在 WAS 9.0.5.5 上部署 web 應用程序。 它是一個沒有管理節點的獨立節點。 在創建一個空配置文件並使用 startServer.sh 啟動它之后，一切都很好，並且 WAS 控制台（9043 端口）可用。 但是在應用部署之后，發現經過長時間的 SSL 握手后，WAS 控制台無法訪問。 不知道為什么會發生這種情況，因為我沒有更改任何 SSL 設置。 可以看到在控制台和 ssl.client.props 中都設置了 SSL_TLSv2

com.ibm.ssl.alias=DefaultSSLSettings
com.ibm.ssl.protocol=SSL_TLSv2
com.ibm.ssl.securityLevel=HIGH
com.ibm.ssl.trustManager=IbmPKIX
com.ibm.ssl.keyManager=IbmX509
com.ibm.ssl.contextProvider=IBMJSSE2
com.ibm.ssl.enableSignerExchangePrompt=gui

stopServer.sh 也因以下錯誤而失敗。 對我離開這里有什么建議嗎？

    ************ Start Display Current Environment ************
Host Operating System is Linux, version 3.10.0-1062.el7.x86_64
Java version = 1.8.0_261, Java Runtime Version = 8.0.6.16 - pxa6480sr6fp16-20200902_01(SR6 FP16), Java Compiler = j9jit29, Java VM name = IBM J9 VM
was.install.root = /opt/IBM/WebSphere/AppServer
user.install.root = /opt/IBM/WebSphere/AppServer/profiles/MPA
Java Home = /opt/IBM/WebSphere/AppServer/java/8.0/jre
ws.ext.dirs = /opt/IBM/WebSphere/AppServer/java/8.0/lib:/opt/IBM/WebSphere/AppServer/classes:/opt/IBM/WebSphere/AppServer/lib:/opt/IBM/WebSphere/AppServer/installedChannels:/opt/IBM/WebSphere/AppServer/lib/ext:/opt/IBM/WebSphere/AppServer/web/help:/opt/IBM/WebSphere/AppServer/deploytool/itp/plugins/com.ibm.etools.ejbdeploy/runtime
Classpath = /opt/IBM/WebSphere/AppServer/profiles/MPA/properties:/opt/IBM/WebSphere/AppServer/properties:/opt/IBM/WebSphere/AppServer/lib/startup.jar:/opt/IBM/WebSphere/AppServer/lib/bootstrap.jar:/opt/IBM/WebSphere/AppServer/java/8.0/lib/tools.jar:/opt/IBM/WebSphere/AppServer/lib/lmproxy.jar:/opt/IBM/WebSphere/AppServer/lib/urlprotocols.jar
Java Library path = /opt/IBM/WebSphere/AppServer/java/8.0/jre/lib/amd64/compressedrefs:/opt/IBM/WebSphere/AppServer/java/8.0/jre/lib/amd64:/opt/IBM/WebSphere/AppServer/lib/native/linux/x86_64/:/opt/IBM/WebSphere/AppServer/bin:/opt/IBM/WebSphere/AppServer/nulldllsdir:/usr/lib64:/usr/lib
Orb Version = IBM Java ORB build orbdev-userlvl-20200106.1711
Max file descriptor count = 50000
Current trace specification = *=info
************* End Display Current Environment *************
[12/16/20 1:48:06:032 PST] 00000001 ManagerAdmin  I   TRAS0017I: The startup trace state is *=info.
[12/16/20 1:48:06:132 PST] 00000001 AdminTool     A   ADMU0128I: Starting tool with the MPA profile
[12/16/20 1:48:06:133 PST] 00000001 AdminTool     A   ADMU3100I: Reading configuration for server: mpa_server
[12/16/20 1:48:06:169 PST] 00000001 ModelMgr      I   WSVR0801I: Initializing all server configuration models
[12/16/20 1:48:08:657 PST] 00000001 ProviderTrack I com.ibm.ffdc.osgi.ProviderTracker AddingService FFDC1007I: FFDC Provider Installed: com.ibm.ffdc.util.provider.FfdcOnDirProvider@5896a505
[12/16/20 1:48:08:921 PST] 00000001 SSLConfig     W   CWPKI0041W: One or more key stores are using the default password.
[12/16/20 1:48:08:929 PST] 00000001 SSLConfigMana I   CWPKI0051I: The process has the java security property jdk.certpath.disabledAlgorithms set to [MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224].  The WebSphere Application server is setting the java security property jdk.certpath.disabledAlgorithms to [MD2, RSA keySize < 1024, MD5]. 
[12/16/20 1:48:08:930 PST] 00000001 SSLConfigMana I   CWPKI0051I: The process has the java security property jdk.tls.disabledAlgorithms set to [SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, DESede, EC keySize < 224, 3DES_EDE_CBC, anon, NULL].  The WebSphere Application server is setting the java security property jdk.tls.disabledAlgorithms to [SSLv3, RC4, DH keySize < 768, MD5withRSA]. 
[12/16/20 1:48:08:933 PST] 00000001 SSLConfigMana I   CWPKI0027I: Disabling default hostname verification for HTTPS URL connections.
[12/16/20 1:48:08:962 PST] 00000001 SecurityObjec I   CWSCF0002I: The client code is attempting to load the security configuration the server and this operation is not allowed.
[12/16/20 1:51:15:474 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.1445219360461837085.txt com.ibm.ws.ssl.channel.impls.SSLUtils 1052
[12/16/20 1:51:15:601 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.5712207576305752668.txt com.ibm.ws.ssl.channel.impl.SSLConnectionLink 540
[12/16/20 1:51:15:919 PST] 00000001 SecurityObjec I   CWSCF0002I: The client code is attempting to load the security configuration the server and this operation is not allowed.
[12/16/20 1:51:15:920 PST] 00000001 SecurityConne A   JSAS0006I: Security connection interceptor init

ialized.
[12/16/20 1:51:15:935 PST] 00000001 ServiceInit   A   JSAS0001I: Security configuration initialized.
[12/16/20 1:51:15:936 PST] 00000001 ServiceInit   A   JSAS0003I: Authentication mechanism: BASICAUTH
[12/16/20 1:51:15:974 PST] 00000001 CSIClientRI   A   JSAS0007I: Client request interceptor registered.
[12/16/20 1:51:16:639 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.7382828071492998187.txt com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket 222
[12/16/20 1:51:16:828 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.5725476233661856283.txt com.ibm.ws.orbimpl.transport.WSSSLTransportConnection.createSocket 270
[12/16/20 1:51:16:884 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.2654931705161208931.txt com.ibm.ws.naming.util.CommonHelpers.retry 876
[12/16/20 1:51:16:984 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.1815847588980124586.txt com.ibm.ws.naming.jndicos.CNContextImpl.lookupExt 1443
[12/16/20 1:51:16:996 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.1476667816130282325.txt com.ibm.ws.naming.util.Helpers.logJndiContextException 1636
[12/16/20 1:51:17:080 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.6880057812892354780.txt com.ibm.ws.management.connector.rmi.RMIConnectorClient.reconnect 237
[12/16/20 1:51:17:260 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.5125431433737765534.txt com.ibm.websphere.management.AdminClientFactory.createAdminClient 267
[12/16/20 1:51:17:563 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.3289464480553651737.txt com.ibm.ws.management.connector.jsr160rmi.JSR160RMIConnectorClient.reconnect 179
[12/16/20 1:51:17:668 PST] 00000001 Ffdc          I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.2859402585966834209.txt com.ibm.websphere.management.AdminClientFactory.createAdminClient 275
[12/16/20 1:51:17:674 PST] 00000001 WsServerStop  E   ADMU3002E: Exception attempting to process server mpa_server
[12/16/20 1:51:17:675 PST] 00000001 WsServerStop  E   ADMU3007E: Exception com.ibm.websphere.management.exception.ConnectorException: com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host dyn-23.datadomain.com at port 8880.
[12/16/20 1:51:17:676 PST] 00000001 WsServerStop  A   ADMU3007E: Exception com.ibm.websphere.management.exception.ConnectorException: com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host dyn-23.datadomain.com at port 8880.
    at com.ibm.ws.management.connector.ConnectorHelper.createConnector(ConnectorHelper.java:628)
    at com.ibm.ws.management.tools.WsServerStop.runTool(WsServerStop.java:373)
    at com.ibm.ws.management.tools.AdminTool.executeUtility(AdminTool.java:271)
    at com.ibm.ws.management.tools.WsServerStop.main(WsServerStop.java:113)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    at java.lang.reflect.Method.invoke(Method.java:508)
    at com.ibm.wsspi.bootstrap.WSLauncher.launchMain(WSLauncher.java:234)
    at com.ibm.wsspi.bootstrap.WSLauncher.main(WSLauncher.java:101)
    at com.ibm.wsspi.bootstrap.WSLauncher.run(WSLauncher.java:82)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    at java.lang.reflect.Method.invoke(Method.java:508)
    at org.eclipse.equinox.internal.app.EclipseAppContainer.callMethodWithException(EclipseAppContainer.java:587)
    at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:198)
    at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110)
    at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79)
    at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:354)
    at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:181)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    at java.lang.reflect.Method.invoke(Method.java:508)
    at org.eclipse.core.launcher.Main.invokeFramework(Main.java:340)
    at org.eclipse.core.launcher.Main.basicRun(Main.java:282)
    at org.eclipse.core.launcher.Main.run(Main.java:981)
    at com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse(WSPreLauncher.java:422)
    at com.ibm.wsspi.bootstrap.WSPreLauncher.main(WSPreLauncher.java:179)
Caused by: com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host dyn-23.datadomain.com at port 8880.
    at com.ibm.websphere.management.AdminClientFactory.createAdminClientPrivileged(AdminClientFactory.java:635)
    at com.ibm.websphere.management.AdminClientFactory.access$000(AdminClientFactory.java:127)
    at com.ibm.websphere.management.AdminClientFactory$1.run(AdminClientFactory.java:210)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:63)
    at com.ibm.websphere.management.AdminClientFactory.createAdminClient(AdminClientFactory.java:206)
    at com.ibm.ws.management.connector.ConnectorHelper.tryProtocol(ConnectorHelper.java:665)
    at com.ibm.ws.management.connector.ConnectorHelper.createConnector(ConnectorHelper.java:597)
    ... 29 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:437)
    at com.ibm.websphere.management.AdminClientFactory.createAdminClientPrivileged(AdminClientFactory.java:457)
    ... 35 more
Caused by: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: internal_error; targetException=java.lang.IllegalArgumentException: Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: internal_error]
    at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:439)
    at com.ibm.ws.management.connector.soap.SOAPConnectorClient.<init>(SOAPConnectorClient.java:238)
    ... 40 more
Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: internal_error; targetException=java.lang.IllegalArgumentException: Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: internal_error]
    at org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.java:475)
    at org.apache.soap.rpc.Call.WASinvoke(Call.java:510)
    at com.ibm.ws.management.connector.soap.SOAPConnectorClient$4.run(SOAPConnectorClient.java:397)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:382)
    ... 41 more

[12/16/20 1:51:17:692 PST] 00000001 AdminTool     A   ADMU0509I: The server "mpa_server" cannot be reached. It appears to be stopped.
[12/16/20 1:51:17:693 PST] 00000001 AdminTool     A   ADMU0211I: Error details may be seen in the file: /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/mpa_server/stopServer.log

Answer 1

LE：我設法解決了這個問題。 就我而言，唯一支持的協議是“SSL_TLS”，更多關於https://www.ibm.com/docs/en/imdmcdhsa/11.6.0?topic=server-setting-ssl-protocol-version 的協議

我還更新了 security.xml 文件，盡管提到這僅在 TLSv1.2 協議案例中是必需的。