java - SSL handshake exception: "Algorithm constraints check failed: MD5withRSA"

Tags: java ssl

I am trying to install the Oracle Entitlements Server Client. When I call

    config.cmd -smConfigId Sample-SM -prpFileName C:\oracle\product\11.1.2\as_1\oessm\SMConfigTool\smconfig.java.controlled.prp

I get this exception:

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
        at java.io.OutputStream.write(OutputStream.java:75)
        at oracle.security.oes.enroll.EnrollmentClient.writeToSocket(EnrollmentClient.java:330)
        at oracle.security.oes.enroll.EnrollmentClient.enroll(EnrollmentClient.java:161)
        at oracle.security.oes.enroll.EnrollmentClient.main(EnrollmentClient.java:478)
        at oracle.security.oes.tools.EnrollmentTool.doEnroll(EnrollmentTool.java:103)
        at oracle.security.oes.tools.SMConfigTool.doEnrollment(SMConfigTool.java:1192)
        at oracle.security.oes.tools.SMConfigTool.run(SMConfigTool.java:617)
        at oracle.security.oes.tools.SMConfigTool.main(SMConfigTool.java:546)
    Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA
        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
        ... 15 more
    Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
        at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
        ... 21 more
    sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA

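Can you help me figure out the cause?

Best answer

The problem is caused by Oracle disabling hash algorithms that are no longer considered secure. Take a look at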

JRE_HOME/lib/security/java.security

It contains the following properties:

jdk.certpath.disabledAlgorithms
jdk.tls.disabledAlgorithms

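You can adjust them as appropriate. For example, remove MD5 from the former and MD5withRSA from the latter.

Hint for Docker images:

Some Docker images have an additional configuration file, /etc/crypto-policies/back-ends/java.config (Keycloak, for example); in my case it overrode java.security.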

Regarding java - SSL handshake exception: "Algorithm constraints check failed: MD5withRSA", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/21218217/
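A diagnostic sketch for the two properties named in the answer, added here as an example and not code from the original post or from Oracle: it lists which entries of `jdk.certpath.disabledAlgorithms` and `jdk.tls.disabledAlgorithms`, as loaded by the running JVM, apply to a signature algorithm such as `MD5withRSA`. The class name, the name-splitting rule (a simplification of the JDK's internal matching) and the sample value are assumptions.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class DisabledAlgCheck {
    // Split a signature algorithm name into its components, e.g.
    // "MD5withRSA" -> [MD5, RSA]. Simplified assumption about how the JDK
    // decomposes names; it is not the JDK's own implementation.
    static List<String> parts(String sigAlg) {
        List<String> out = new ArrayList<>();
        for (String p : sigAlg.split("(?i)with|and|/")) {
            if (!p.isEmpty()) out.add(p.toUpperCase(Locale.ROOT));
        }
        return out;
    }

    // Return the entries of a disabledAlgorithms value whose algorithm name
    // equals sigAlg or one of its components. Entries that carry a constraint
    // (such as a key size limit) are returned verbatim so the reader can see
    // that they only block conditionally.
    static List<String> blockingEntries(String propertyValue, String sigAlg) {
        List<String> hits = new ArrayList<>();
        if (propertyValue == null) return hits;
        List<String> components = parts(sigAlg);
        String full = sigAlg.toUpperCase(Locale.ROOT);
        for (String entry : propertyValue.split(",")) {
            String e = entry.trim();
            if (e.isEmpty()) continue;
            String name = e.split("\\s+")[0].toUpperCase(Locale.ROOT);
            if (name.equals(full) || components.contains(name)) hits.add(e);
        }
        return hits;
    }

    public static void main(String[] args) {
        String sigAlg = args.length > 0 ? args[0] : "MD5withRSA";
        // Constructed sample value, not copied from a real java.security file.
        String sample = "MD2, MD5, RSA keySize < 1024, SHA1 jdkCA & usage TLSServer";
        System.out.println("sample -> " + blockingEntries(sample, sigAlg));
        // Values this JVM actually loaded at startup.
        for (String prop : new String[] {"jdk.certpath.disabledAlgorithms",
                                         "jdk.tls.disabledAlgorithms"}) {
            String value = Security.getProperty(prop);
            System.out.println(prop + " = " + value);
            System.out.println("  entries applying to " + sigAlg + ": "
                    + blockingEntries(value, sigAlg));
        }
    }
}
```

Run it with the same JRE the failing tool uses, so the output reflects the configuration that JRE loaded.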
