我们从Jenkins调用gradle构建,所使用的Java是IBM Java 1.8。构建完成后,应该将打包的耳文件发布在Artifactory上,这就是失败的原因,因为它使用的是TLSv1,而人工服务器使用的是TLSv1.2(RECV TLSv1.2 ALERT:fatal,protocol_version)。
我们已指定参数以尝试强制其使用TLSv1.2,但无济于事。
如果我们只是简单地将Java从IBM java切换到OpenJDK,那么一切都可以,但是我们必须使用IBM JDK。
以下是摘录自日志,任何见解将不胜感激。
16:37:27 BUILD_ID=52
16:37:27 JAVA_TOOL_OPTIONS=-Duser.home=/home/jenkins -Dhttps.protocols=TLSv1.2 -Dcom.ibm.jsse2.overrideDefaultTLS=true -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12 -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.debug=all -Djavax.net.debug=all -Dcom.ibm.jsse2.disablesslv3=false -Djdk.tls.client.protocols=TLSv1.2 -Dhttps.protocols=TLSv1.2 -Djdk.tls.disabledAlgorithms=SSLv3,TLSv1,TLSv1.1
16:39:49 jdk.tls.client.protocols is defined as TLSv1.2
16:39:49 SSLv3 protocol was requested but was not enabled
16:39:49 SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
16:39:49 SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
16:39:49 CLIENT_DEFAULT: [TLSv1.2]
16:39:49 IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
16:39:49 IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
16:39:49 IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
16:39:49 IBMJSSE2 will allow client initiated renegotiation per jdk.tls.rejectClientInitiatedRenegotiation set to FALSE or default
16:39:49 IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default
16:39:49
16:39:49 Is initial handshake: true
16:39:49 Ignoring unsupported cipher suite: SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_CBC_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_GCM_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
16:39:49 Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
16:39:49 %% No cached client session
16:39:49 *** ClientHello, TLSv1
16:39:49 RandomCookie: GMT: 1595384853 bytes = { 107, 178, 131, 155, 114, 248, 46, 134, 176, 84, 230, 191, 243, 124, 238, 63, 233, 106, 234, 197, 151, 26, 164, 199, 46, 116, 65, 30 }
16:39:49 Session ID: {}
16:39:49 Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA]
16:39:49 Compression Methods: { 0 }
16:39:49 Extension elliptic_curves, curve names: {secp256r1, secp192r1, secp224r1, secp384r1, secp521r1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp256k1}
16:39:49 Extension ec_point_formats, formats: [uncompressed]
16:39:49 Extension server_name, server_name: [type=host_name (0), value=artifactory..xxx.xxx]
16:39:49 ***
16:39:49 [write] MD5 and SHA1 hashes: len = 123
16:39:49 [Raw read]: length = 2
16:39:49 0000: 02 46 .F
16:39:49
16:39:49 pool-1-thread-1, READ: TLSv1 Alert, length = 2
16:39:49 pool-1-thread-1, RECV TLSv1.2 ALERT: fatal, protocol_version
**16:39:49 pool-1-thread-1, called closeSocket()
16:39:49 pool-1-thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version
16:39:49 Error occurred for request GET /artifactory/api/system/version HTTP/1.1: Received fatal alert: protocol_version.**```
最佳答案
尝试将gradle.properties更新为:
systemProp.com.ibm.jsse2.overrideDefaultTLS = true
关于java - 使用IBM JDK而不使用TLS 1.2的Gradle构建,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63043520/