在与已升级到TLS 1.1的API对话的Grails前端应用程序上出现握手错误
在与已升级到TLS 1.1的API对话的Grails前端应用程序上出现握手错误
提问于 2018-05-31 18:02:42
API服务器早期支持TLS 1.0版,一切正常。在停止对1.0的支持后,开始获取这些错误-
Remote host closed connection during handshake
[08:50:16.593] [] ERROR UserProfileService :200 - wslite.rest.RESTClientException: Remote host closed connection during handshake
[08:50:16.593] [] ERROR UserProfileService :200 - null在本地设置中,我们通过run-app命令直接在eclipse上运行Grails应用程序。为了修复那里的TLS问题,我们在应用程序配置文件BuildConfig.groovy中添加了jvmArgs配置,它可以工作-
grails.project.fork = [
// configure settings for the run-app JVM
run: [maxMemory: 768, minMemory: 64, debug: false, maxPerm: 256, forkReserve:false,jvmArgs: ['-Dhttps.protocols=TLSv1.1']],
]在沙箱服务器上,我们通过在tomcat服务器上部署一个war文件来运行应用程序。我们尝试将相同的配置更改添加到配置文件中的war属性,但它不起作用-
grails.project.fork = [
// configure settings for the run-war JVM
war: [maxMemory: 768, minMemory: 64, debug: false, maxPerm: 256, forkReserve:false,jvmArgs: ['-Dhttps.protocols=TLSv1.1']],
]然后我们也向tomcat config提到了同样的问题,但仍然没有成功。这是catalina的日志,显示tomcat正在获取更新的TLS配置-
INFO: CATALINA_HOME: /opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.config.file=/opt/tomcat7-cpp2/conf/logging.properties
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dhttps.protocol=TLSv1.1,TLSv1.2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.endorsed.dirs=/opt/tomcat7-cpp2/endorsed
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.base=/opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.home=/opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.io.tmpdir=/opt/tomcat7-cpp2/temp
May 31, 2018 8:49:18 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found o
n the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib但是,我们无法确认应用程序是否也在读取针对war属性定义的更新后的TLS配置。
任何帮助或指示都将不胜感激。
回答 1
Stack Overflow用户
发布于 2018-06-03 03:03:15
看起来您的Tomcat配置中有一个拼写错误,其中指定了-Dhttps.protocol=TLSv1.1,TLSv1.2。正确的系统变量是https.protocols (带有s)。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/50621656
复制相关文章
相似问题
腾讯云开发者
