我想使用 spring 云网关将所有 http 请求路由到 https 服务,但总是收到 handshake_failure。
将所有内容路由到 https://google.com例如有效,但对于我自己的服务及其私有(private)证书,由我自己的私有(private) CA 创建和签名,它没有,尽管我通过 -Djavax.net.ssl.trustStore 提供了匹配的信任库和设置 useInsecureTrustManager: true。那么这里有什么问题呢?
我的 spring 云网关配置:
server:
port: ${PORT:8081}
spring:
application:
name: gateway-service
cloud:
gateway:
httpclient:
ssl:
useInsecureTrustManager: true
routes:
- id: after_route
uri: https://my.server:2900/server/ping
predicates:
- After=2017-01-20T17:42:47.789-07:00[America/Denver]
然后注销 -Djavax.net.debug=all:
2019-07-30 14:14:27.206 INFO 8257 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration' of type [org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration$$EnhancerBySpringCGLIB$$ddc24342] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.1.6.RELEASE)
2019-07-30 14:14:27.315 INFO 8257 --- [ main] com.tobias.gateway.Gateway : No active profile set, falling back to default profiles: default
2019-07-30 14:14:27.704 INFO 8257 --- [ main] o.s.cloud.context.scope.GenericScope : BeanFactory id=90eb380c-f88b-3401-b688-6ef3ead8e5f1
2019-07-30 14:14:27.724 INFO 8257 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration' of type [org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration$$EnhancerBySpringCGLIB$$ddc24342] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:27.950 CEST|SSLContextImpl.java:427|System property jdk.tls.client.cipherSuites is set to 'null'
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:27.953 CEST|SSLContextImpl.java:427|System property jdk.tls.server.cipherSuites is set to 'null'
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:27.974 CEST|SSLCipher.java:437|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:27.984 CEST|SSLContextImpl.java:401|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2019-07-30 14:14:27.984 CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
...
... Lots of other ignored cipher suites
...
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.009 CEST|TrustStoreManager.java:112|trustStore is: truststore.jks
trustStore type is: pkcs12
trustStore provider is:
the last modified time is: Wed Apr 10 10:36:03 CEST 2019
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.009 CEST|TrustStoreManager.java:311|Reload the trust store
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.022 CEST|TrustStoreManager.java:318|Reload trust certs
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.022 CEST|TrustStoreManager.java:323|Reloaded 1 trust certs
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.026 CEST|X509TrustManagerImpl.java:79|adding as trusted certificates (
"certificate" : {
"version" : "v3",
"serial number" : "00 E0 97 A2 3A FB A3 C1 44",
"signature algorithm": "SHA256withRSA",
"issuer" : "EMAILADDRESS=my@e.mail, CN=My Root Certificate Authority, OU=My OU, O=Me, L=Hamburg, ST=Hamburg, C=DE",
"not before" : "2018-10-05 13:38:39.000 CEST",
"not after" : "2023-10-04 13:38:39.000 CEST",
"subject" : "EMAILADDRESS=my@e.mail, CN=My Root Certificate Authority, OU=My OU, O=Me, L=Hamburg, ST=Hamburg, C=DE",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 87 FB AB 07 09 69 28 5C 53 05 29 49 44 B1 5C C7 .....i(\S.)ID.\.
0010: E2 A3 54 22 ..T"
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 87 FB AB 07 09 69 28 5C 53 05 29 49 44 B1 5C C7 .....i(\S.)ID.\.
0010: E2 A3 54 22 ..T"
]
]
}
]}
)
javax.net.ssl|ALL|01|main|2019-07-30 14:14:28.026 CEST|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|01|main|2019-07-30 14:14:28.026 CEST|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.040 CEST|TrustStoreManager.java:112|trustStore is: truststore.jks
trustStore type is: pkcs12
trustStore provider is:
the last modified time is: Wed Apr 10 10:36:03 CEST 2019
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.041 CEST|X509TrustManagerImpl.java:79|adding as trusted certificates (
"certificate" : {
"version" : "v3",
"serial number" : "00 E0 97 A2 3A FB A3 C1 44",
"signature algorithm": "SHA256withRSA",
"issuer" : "EMAILADDRESS=my@e.mail, CN=My Root Certificate Authority, OU=My OU, O=Me, L=Hamburg, ST=Hamburg, C=DE",
"not before" : "2018-10-05 13:38:39.000 CEST",
"not after" : "2023-10-04 13:38:39.000 CEST",
"subject" : "EMAILADDRESS=my@e.mail, CN=My Root Certificate Authority, OU=My OU, O=Me, L=Hamburg, ST=Hamburg, C=DE",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 87 FB AB 07 09 69 28 5C 53 05 29 49 44 B1 5C C7 .....i(\S.)ID.\.
0010: E2 A3 54 22 ..T"
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 87 FB AB 07 09 69 28 5C 53 05 29 49 44 B1 5C C7 .....i(\S.)ID.\.
0010: E2 A3 54 22 ..T"
]
]
}
]}
)
javax.net.ssl|ALL|01|main|2019-07-30 14:14:28.041 CEST|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|01|main|2019-07-30 14:14:28.042 CEST|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.048 CEST|TrustStoreManager.java:112|trustStore is: truststore.jks
trustStore type is: pkcs12
trustStore provider is:
the last modified time is: Wed Apr 10 10:36:03 CEST 2019
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.049 CEST|X509TrustManagerImpl.java:79|adding as trusted certificates (
"certificate" : {
"version" : "v3",
"serial number" : "00 E0 97 A2 3A FB A3 C1 44",
"signature algorithm": "SHA256withRSA",
"issuer" : "EMAILADDRESS=my@e.mail, CN=My Root Certificate Authority, OU=My OU, O=Me, L=Hamburg, ST=Hamburg, C=DE",
"not before" : "2018-10-05 13:38:39.000 CEST",
"not after" : "2023-10-04 13:38:39.000 CEST",
"subject" : "EMAILADDRESS=my@e.mail, CN=My Root Certificate Authority, OU=My OU, O=Me, L=Hamburg, ST=Hamburg, C=DE",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 87 FB AB 07 09 69 28 5C 53 05 29 49 44 B1 5C C7 .....i(\S.)ID.\.
0010: E2 A3 54 22 ..T"
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 87 FB AB 07 09 69 28 5C 53 05 29 49 44 B1 5C C7 .....i(\S.)ID.\.
0010: E2 A3 54 22 ..T"
]
]
}
]}
)
javax.net.ssl|ALL|01|main|2019-07-30 14:14:28.049 CEST|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|01|main|2019-07-30 14:14:28.049 CEST|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.055 CEST|TrustStoreManager.java:112|trustStore is: truststore.jks
trustStore type is: pkcs12
trustStore provider is:
the last modified time is: Wed Apr 10 10:36:03 CEST 2019
javax.net.ssl|DEBUG|01|main|2019-07-30 14:14:28.056 CEST|X509TrustManagerImpl.java:79|adding as trusted certificates (
"certificate" : {
"version" : "v3",
"serial number" : "00 E0 97 A2 3A FB A3 C1 44",
"signature algorithm": "SHA256withRSA",
"issuer" : "EMAILADDRESS=my@e.mail, CN=My Root Certificate Authority, OU=My OU, O=Me, L=Hamburg, ST=Hamburg, C=DE",
"not before" : "2018-10-05 13:38:39.000 CEST",
"not after" : "2023-10-04 13:38:39.000 CEST",
"subject" : "EMAILADDRESS=my@e.mail, CN=My Root Certificate Authority, OU=My OU, O=Me, L=Hamburg, ST=Hamburg, C=DE",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 87 FB AB 07 09 69 28 5C 53 05 29 49 44 B1 5C C7 .....i(\S.)ID.\.
0010: E2 A3 54 22 ..T"
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 87 FB AB 07 09 69 28 5C 53 05 29 49 44 B1 5C C7 .....i(\S.)ID.\.
0010: E2 A3 54 22 ..T"
]
]
}
]}
)
javax.net.ssl|ALL|01|main|2019-07-30 14:14:28.056 CEST|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|01|main|2019-07-30 14:14:28.056 CEST|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|ALL|01|main|2019-07-30 14:14:28.068 CEST|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|01|main|2019-07-30 14:14:28.068 CEST|SSLContextImpl.java:119|done seeding of SecureRandom
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [After]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [Before]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [Between]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [Cookie]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [Header]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [Host]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [Method]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [Path]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [Query]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [ReadBodyPredicateFactory]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [RemoteAddr]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [Weight]
2019-07-30 14:14:28.408 INFO 8257 --- [ main] o.s.c.g.r.RouteDefinitionRouteLocator : Loaded RoutePredicateFactory [CloudFoundryRouteService]
2019-07-30 14:14:28.828 INFO 8257 --- [ main] o.s.b.web.embedded.netty.NettyWebServer : Netty started on port(s): 8081
2019-07-30 14:14:28.832 INFO 8257 --- [ main] com.tobias.gateway.Gateway : Started Gateway in 2.114 seconds (JVM running for 2.72)
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.298 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.298 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.298 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.299 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.299 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.299 CEST|HandshakeContext.java:290|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.308 CEST|SupportedGroupsExtension.java:841|Ignore inactive or disabled named group: ffdhe2048
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.309 CEST|SupportedGroupsExtension.java:841|Ignore inactive or disabled named group: ffdhe3072
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.309 CEST|SupportedGroupsExtension.java:841|Ignore inactive or disabled named group: ffdhe4096
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.309 CEST|SupportedGroupsExtension.java:841|Ignore inactive or disabled named group: ffdhe6144
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.309 CEST|SupportedGroupsExtension.java:841|Ignore inactive or disabled named group: ffdhe8192
javax.net.ssl|WARNING|29|reactor-http-nio-6|2019-07-30 14:14:36.313 CEST|SignatureScheme.java:282|Signature algorithm, ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|29|reactor-http-nio-6|2019-07-30 14:14:36.314 CEST|SignatureScheme.java:282|Signature algorithm, ed448, is not supported by the underlying providers
javax.net.ssl|ALL|29|reactor-http-nio-6|2019-07-30 14:14:36.317 CEST|SignatureScheme.java:358|Ignore disabled signature sheme: rsa_md5
javax.net.ssl|INFO|29|reactor-http-nio-6|2019-07-30 14:14:36.317 CEST|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.317 CEST|SSLExtensions.java:256|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.318 CEST|ClientHello.java:651|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "BC 92 B0 0D 8A 40 3B CD E7 64 2D 46 A3 49 24 55 08 48 3A BC 02 B3 31 89 20 B2 F3 68 32 AF C4 82",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035)]",
"compression methods" : "00",
"extensions" : [
]
}
)
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.329 CEST|SSLEngineOutputRecord.java:507|WRITE: TLS12 handshake, length = 260
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.330 CEST|SSLEngineOutputRecord.java:525|Raw write (
0000: 16 03 03 01 04 01 00 01 00 03 03 BC 92 B0 0D 8A ................
0010: 40 3B CD E7 64 2D 46 A3 49 24 55 08 48 3A BC 02 @;..d-F.I$U.H:..
0020: B3 31 89 20 B2 F3 68 32 AF C4 82 00 00 10 C0 2C .1. ..h2.......,
0030: C0 2B C0 2F C0 13 C0 14 00 9C 00 2F 00 35 01 00 .+./......./.5..
0040: 00 C7 00 00 00 21 00 1F 00 00 1C 70 6C 61 79 67 .....!.....playg
0050: 72 6F 75 6E 64 2E 6D 61 63 68 69 6E 65 73 2E 6E round.machines.n
0060: 37 6C 61 62 2E 69 6F 00 05 00 05 01 00 00 00 00 7lab.io.........
0070: 00 0A 00 16 00 14 00 17 00 18 00 19 00 09 00 0A ................
0080: 00 0B 00 0C 00 0D 00 0E 00 16 00 0B 00 02 01 00 ................
0090: 00 0D 00 28 00 26 04 03 05 03 06 03 08 04 08 05 ...(.&..........
00A0: 08 06 08 09 08 0A 08 0B 04 01 05 01 06 01 04 02 ................
00B0: 03 03 03 01 03 02 02 03 02 01 02 02 00 32 00 28 .............2.(
00C0: 00 26 04 03 05 03 06 03 08 04 08 05 08 06 08 09 .&..............
00D0: 08 0A 08 0B 04 01 05 01 06 01 04 02 03 03 03 01 ................
00E0: 03 02 02 03 02 01 02 02 00 11 00 09 00 07 02 00 ................
00F0: 04 00 00 00 00 00 17 00 00 00 2B 00 07 06 03 03 ..........+.....
0100: 03 02 03 01 FF 01 00 01 00 .........
)
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.357 CEST|SSLEngineInputRecord.java:177|Raw read (
0000: 15 03 03 00 02 02 28 ......(
)
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.358 CEST|SSLEngineInputRecord.java:214|READ: TLSv1.2 alert, length = 2
javax.net.ssl|DEBUG|29|reactor-http-nio-6|2019-07-30 14:14:36.359 CEST|Alert.java:232|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|ERROR|29|reactor-http-nio-6|2019-07-30 14:14:36.360 CEST|TransportContext.java:313|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:672)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:627)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:443)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:422)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:634)
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1332)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1227)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1274)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:682)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:617)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:534)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:906)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at java.base/java.lang.Thread.run(Thread.java:834)}
)
最佳答案
好的,我在尝试服务器 ssl 配置后找到了答案。我路由到的服务是一个 spring boot 应用程序,它的 ssl 配置限制了密码套件的使用,如下所示:
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
而且那个套件不能由spring cloud gateway处理。如果我根本不设置该属性,它就会起作用。
但是现在想知道spring cloud gateway支持哪些套件?为什么这完全是网关的问题?
关于ssl - 无法使用 spring 云网关从 http 请求路由到 https 请求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57271794/