java - 使用 IBM JDK 6 启用 ECDHE 密码

标签 java ssl sslhandshakeexception

使用 IBM Rational® Software Architect for WebSphere 软件版本:9.0.0.1 和 JDK 6

尝试将 ECDHE 密码添加到运行时环境。在 https://www.ibm.com/support/knowledgecenter/SSYKE2_6.0.0/com.ibm.java.security.component.60.doc/security-component/jsse2Docs/ciphersuites.html ,IBM 说“第二个列表显示了 IBMJSSE 提供程序支持的 (ECDHE) 密码套件,但默认情况下禁用”。

我可以将 ClientHello 更改为 TLSv1.0、TLSv1.1 或 TLSv1.3,但始终会返回相同的密码套件。它们都不是 ECDHE。

如果有人知道如何启用 ECDHE 密码,将不胜感激。

这是控制台输出。

    SSLContextImpl:  Using X509ExtendedKeyManager com.ibm.jsse2.hd
    SSLContextImpl:  Using X509TrustManager com.ibm.jsse2.pc
    JsseJCE:  Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.2
    trigger seeding of SecureRandom
    done seeding SecureRandom
    instantiated an instance of class com.ibm.jsse2.SSLSocketFactoryImpl
    IBMJSSE2 will not enable CBC protection
    IBMJSSE2 to send SCSV Cipher Suite on initial ClientHello
    JsseJCE:  Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.2
    JsseJCE:  Using cipher AES/CBC/NoPadding from provider TBD via init 
    CipherBox:  Using cipher AES/CBC/NoPadding from provider from init IBMJCE version 1.2
    IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
    IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
    IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default

    Is initial handshake: true
    %% No cached client session
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: 1503070341 bytes = { 152, 50, 18, 78, 108, 96, 63, 98, 44, 14, 255, 58, 89, 161, 90, 194, 150, 17, 22, 60, 58, 30, 156, 194, 83, 148, 201, 11 }
    Session ID:  {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RENEGO_PROTECTION_REQUEST]
    Compression Methods:  { 0 }
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA256withDSA, SHA1withDSA, MD5withRSA
    ***
    main, WRITE: TLSv1.2 Handshake, length = 121
    main, READ: TLSv1.2 Alert, length = 2
    main, RECV TLSv1 ALERT:  fatal, handshake_failure
    main, called closeSocket()
    main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.ibm.jsse2.o.a(o.java:8)
        at com.ibm.jsse2.o.a(o.java:4)
        at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:40)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:554)
        at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:223)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:724)
        at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:81)
        at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:8)
        at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:20)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1207)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:390)
        at com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:36)
        at Java6withHostHeader.main(Java6withHostHeader.java:94)

最佳答案

在所有回复者的帮助下,我才弄明白了这一点。 首先,我使用此代码列出所有可用的密码,确认所需的 ECDHE 密码已安装但未启用,它给出了每个密码的正确拼写 - https://confluence.atlassian.com/stashkb/files/679609085/679772359/1/1414093373406/Ciphers.java 然后在 IDE 中,我在 Run Configurations/VM Arguments 下设置了以下值并且它起作用了。 -Dhttps.protocols="TLSv1.1"-Dhttps.cipherSuites="SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA、SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 等。"

谢谢大家的帮助

关于java - 使用 IBM JDK 6 启用 ECDHE 密码,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49037706/

上一篇:python - ssl.SSLZeroReturnError : TLS/SSL connection has been closed (EOF) (_ssl. c:661)

下一篇:r - 有没有办法使用 R 将文件写入使用 SSL 的 FTP 服务器?

相关文章:

java - 使用给定的 p12 证书连接到 https 站点

SSL 网站的 Facebook Open Graph 抓取错误

ssl - Boost SSL 验证过期和自签名证书

amazon-web-services - 在 AWS 的 EC-2 实例中的 IIS 上配置免费 SSL 证书

java - 无法下载站点地图 : SSLHandshakeException: Received fatal alert: handshake_failure

java - 我的图书馆与我的 UNI 应用程序有多个连接

java - 这样的接口(interface)的目的是什么,里面有所有默认方法

ssl - 在 SSL 握手中,数据是否在客户端 pre-master 交换之前被加密?

java - 无法握手具有端口 587 和服务器 ="smtp.gmail.com"的 ssl 套接字

java - Java中使用流比较两个List元素并返回

©2024 IT工具网  联系我们