java ssl错误无法支持TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Question

我有一个基于java的应用程序，它是由一些客户提供的。 当我尝试运行该应用程序时，出现以下错误，当我联系客户时，他们只是要求使用 8 更新 JCE ,

我执行了以下步骤

1. 从 Oracle JCE 下载 site 下载软件.
2. 解压该软件包并将文件 local_policy.jar 和 US_export_policy.jar 复制到 JRE 安全库中。

JRE — C:\Program Files\Java\jre1.8.0_144\lib\security

JDK — C:\Program Files\Java\jdk1.8.0_92\jre\lib\security

但仍然出现以下错误。

23:12:53.652 错误 [nioEventLoopGroup-4-5] c.s.w.s.s.h.CloudWebSocketFrameHandler - 当前安装的提供程序无法支持 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 java.lang.IllegalArgumentException:当前安装的提供程序无法支持 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 在 sun.security.ssl.CipherSuiteList.(CipherSuiteList.java:92) 在 sun.security.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:2038) 在 com.samsung.wwst.sdk.simulator.service.CloudClientManager.init(SamsungCloudClientManager.java:205) 在 com.samsung.wwst.sdk.simulator.handler.CloudWebSocketFrameHandler.channelRead(SamsungCloudWebSocketFrameHandler.java:72)

Answer 1

注意:这不是答案，而是对研究问题的帮助。

尝试使用以下代码列出 Java 安装中的所有密码套件。

SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

TreeMap<String, Boolean> ciphers = new TreeMap<>();
for (String cipher : ssf.getSupportedCipherSuites())
    ciphers.put(cipher, Boolean.FALSE);
for (String cipher : ssf.getDefaultCipherSuites())
    ciphers.put(cipher, Boolean.TRUE);

System.out.println("Default Cipher");
for (Entry<String, Boolean> cipher : ciphers.entrySet())
    System.out.printf("   %-5s%s%n", (cipher.getValue() ? '*' : ' '), cipher.getKey());

当我在 jdk1.8.0_151(Windows，64 位)上运行时，我得到以下输出:

Default Cipher
        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_DSS_WITH_DES_CBC_SHA
        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_RSA_WITH_DES_CBC_SHA
        SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
        SSL_DH_anon_WITH_DES_CBC_SHA
        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_RSA_WITH_DES_CBC_SHA
        SSL_RSA_WITH_NULL_MD5
        SSL_RSA_WITH_NULL_SHA
   *    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   *    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   *    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
   *    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
   *    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DH_anon_WITH_AES_128_CBC_SHA
        TLS_DH_anon_WITH_AES_128_CBC_SHA256
        TLS_DH_anon_WITH_AES_128_GCM_SHA256
   *    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_NULL_SHA
   *    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_NULL_SHA
   *    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDH_ECDSA_WITH_NULL_SHA
   *    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDH_RSA_WITH_NULL_SHA
        TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_ECDH_anon_WITH_AES_128_CBC_SHA
        TLS_ECDH_anon_WITH_NULL_SHA
   *    TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
        TLS_KRB5_WITH_3DES_EDE_CBC_MD5
        TLS_KRB5_WITH_3DES_EDE_CBC_SHA
        TLS_KRB5_WITH_DES_CBC_MD5
        TLS_KRB5_WITH_DES_CBC_SHA
   *    TLS_RSA_WITH_AES_128_CBC_SHA
   *    TLS_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_NULL_SHA256

当我添加您链接到的策略文件时，输出更改为:

Default Cipher
        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_DSS_WITH_DES_CBC_SHA
        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_RSA_WITH_DES_CBC_SHA
        SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
        SSL_DH_anon_WITH_DES_CBC_SHA
        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_RSA_WITH_DES_CBC_SHA
        SSL_RSA_WITH_NULL_MD5
        SSL_RSA_WITH_NULL_SHA
   *    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   *    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   *    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
   *    TLS_DHE_DSS_WITH_AES_256_CBC_SHA
   *    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
   *    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
   *    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
   *    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
   *    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
   *    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
   *    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_DH_anon_WITH_AES_128_CBC_SHA
        TLS_DH_anon_WITH_AES_128_CBC_SHA256
        TLS_DH_anon_WITH_AES_128_GCM_SHA256
        TLS_DH_anon_WITH_AES_256_CBC_SHA
        TLS_DH_anon_WITH_AES_256_CBC_SHA256
        TLS_DH_anon_WITH_AES_256_GCM_SHA384
   *    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   *    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
   *    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
   *    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_ECDSA_WITH_NULL_SHA
   *    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   *    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
   *    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
   *    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_NULL_SHA
   *    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
   *    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
   *    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
   *    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDH_ECDSA_WITH_NULL_SHA
   *    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
   *    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
   *    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
   *    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDH_RSA_WITH_NULL_SHA
        TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_ECDH_anon_WITH_AES_128_CBC_SHA
        TLS_ECDH_anon_WITH_AES_256_CBC_SHA
        TLS_ECDH_anon_WITH_NULL_SHA
   *    TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
        TLS_KRB5_WITH_3DES_EDE_CBC_MD5
        TLS_KRB5_WITH_3DES_EDE_CBC_SHA
        TLS_KRB5_WITH_DES_CBC_MD5
        TLS_KRB5_WITH_DES_CBC_SHA
   *    TLS_RSA_WITH_AES_128_CBC_SHA
   *    TLS_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_RSA_WITH_AES_128_GCM_SHA256
   *    TLS_RSA_WITH_AES_256_CBC_SHA
   *    TLS_RSA_WITH_AES_256_CBC_SHA256
   *    TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_NULL_SHA256

如您所见，添加策略文件可启用 AES 256 密码套件。