
Implementing TLS 1.2 to an Oracle database

Stack Overflow user
Asked on 2021-03-29 11:32:21
2 answers, 1.1K views, 0 followers, 1 vote

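I am trying to implement TLS 1.2 from WebSphere Application Server v9.0.5.6 to an Oracle 19c database. WAS and Oracle both run on different CentOS 7 virtual machines, using the IBM 8 provided with WebSphere and the ojdbc8.jar provided by Oracle (from the Oracle 19c client). Non-SSL connections work fine on WAS.

I did the following to implement TLS 1.2.

  1. Used this link and completed the Oracle-side SSL configuration. For testing, I even did the client configuration on WAS and tested with sqlplus (with oracle and the Oracle 19c client), and was able to connect and get TCPS as provided by this query.
  2. Then I added the Oracle self-signed certificate to 'WAS_HOME/AppServer/profiles/AppSrv01/etc/trust.p12'. I used iKeyman to add the DB certificate to WAS. Then I added a custom property in the data source 'connectionProperties' with the value javax.net.ssl.trustStore=WAS_HOME/AppServer/profiles/AppSrv01/etc/trust.p12;javax.net.ssl.trustStoreType=PKCS12;oracle.net.ssl_version=1.2;javax.net.ssl.trustStorePassword=***
  3. Instead of point 2, I also tried JKS. Added the Oracle self-signed certificate to 'WAS_HOME/AppServer/java/8.0/jre/lib/security/cacerts'. I used iKeyman to add the DB certificate to WAS. Then I added a custom property in the data source 'connectionProperties' with the value javax.net.ssl.keyStore= javax.net.ssl.keyStore= javax.net.ssl.keyStoreType=JKS;oracle.net.ssl_version=1.2;javax.net.ssl.keyStorePassword=***

I enabled debug logging, and in both cases I get the error 'java.security.SignatureException: Signature length not correct: got 128 but was expecting 256'.

Could someone please advise on the error, or on how to successfully implement TLS 1.2 from WAS to the Oracle DB?

Sysout log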

[29/03/21 10:37:15:975 BST] 0000008c FileRepositor A   ADMR0010I: Document cells/appserver01Node01Cell/security.xml is modified.
    [29/03/21 10:37:15:978 BST] 0000008c FileRepositor A   ADMR0010I: Document cells/appserver01Node01Cell/nodes/appserver01Node01/trust.p12 is modified.
    [29/03/21 10:37:26:165 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.164 BST|Thread.java:1164|adding as trusted certificates (
      "certificate" : {
        "version"            : "v3",
        "serial number"      : "30 F6 93 B4",
        "signature algorithm": "SHA256withRSA",
        "issuer"             : "CN=dbserver01.miracle.com",
        "not before"         : "2021-03-28 04:43:25.000 BST",
        "not  after"         : "2031-02-04 03:43:25.000 GMT",
        "subject"            : "CN=dbserver01.miracle.com",
        "subject public key" : "RSA",
        "extensions"         : [
          {
            ObjectId: 2.5.29.14 Criticality=false
            SubjectKeyIdentifier [
            KeyIdentifier [
            0000: 57 d7 09 3f d2 5e db c3  43 93 6f af 82 4a fc 7d  W.......C.o..J..
            0010: 16 74 be 60                                        .t..
            ]
            ]
          }
        ]},
      "certificate" : {
        "version"            : "v3",
        "serial number"      : "38 5D 50 BF 82",
        "signature algorithm": "SHA256withRSA",
        "issuer"             : "CN=appserver01.miracle.com, OU=Root Certificate, OU=appserver01Node01Cell, OU=appserver01Node01, O=IBM, C=US",
        "not before"         : "2021-03-25 21:09:10.000 GMT",
        "not  after"         : "2036-03-21 21:09:10.000 GMT",
        "subject"            : "CN=appserver01.miracle.com, OU=Root Certificate, OU=appserver01Node01Cell, OU=appserver01Node01, O=IBM, C=US",
        "subject public key" : "RSA",
        "extensions"         : [
          {
            ObjectId: 2.5.29.14 Criticality=false
            SubjectKeyIdentifier [
            KeyIdentifier [
            0000: 4c 3e 62 ab 29 d9 6c 08                           L.b...l.
            ]
            ]
          },
          {
            ObjectId: 2.5.29.19 Criticality=true
            BasicConstraints:[
            CA:true
            PathLen:2147483647
            ]
          },
          {
            ObjectId: 2.5.29.17 Criticality=false
            SubjectAlternativeName [
            [RFC822Name: ProfileUUID:AppSrv01-BASE-5d9b3381-f22f-4812-a07b-c1e59b63d0a5]]
          }
        ]}
    )
    [29/03/21 10:37:26:171 BST] 0000008c SystemOut     O javax.net.ssl|ALL|8C|WebContainer : 1|2021-03-29 10:37:26.166 BST|Thread.java:1164|keyStore is: /home/sunny/IBM/WebSphere/AppServer/java/8.0/jre/lib/security/cacerts
    [29/03/21 10:37:26:172 BST] 0000008c SystemOut     O javax.net.ssl|ALL|8C|WebContainer : 1|2021-03-29 10:37:26.171 BST|Thread.java:1164|keyStore type is: jks
    [29/03/21 10:37:26:178 BST] 0000008c SystemOut     O javax.net.ssl|ALL|8C|WebContainer : 1|2021-03-29 10:37:26.173 BST|Thread.java:1164|keyStore provider is: 
    …..
    [29/03/21 10:37:26:218 BST] 0000008c SystemOut     O javax.net.ssl|ALL|8C|WebContainer : 1|2021-03-29 10:37:26.217 BST|Thread.java:1164|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384
    [29/03/21 10:37:26:220 BST] 0000008c SystemOut     O javax.net.ssl|ALL|8C|WebContainer : 1|2021-03-29 10:37:26.218 BST|Thread.java:1164|Ignore unsupported cipher suite: TLS_CHACHA20_POLY1305_SHA256
    ……
    [29/03/21 10:37:26:261 BST] 0000008c SystemOut     O javax.net.ssl|ALL|8C|WebContainer : 1|2021-03-29 10:37:26.256 BST|Thread.java:1164|Ignore unsupported cipher suite: TLS_CHACHA20_POLY1305_SHA256
    [29/03/21 10:37:26:264 BST] 0000008c SystemOut     O javax.net.ssl|ALL|8C|WebContainer : 1|2021-03-29 10:37:26.262 BST|Thread.java:1164|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256
    [29/03/21 10:37:26:287 BST] 0000008c SystemOut     O javax.net.ssl|WARNING|8C|WebContainer : 1|2021-03-29 10:37:26.284 BST|Thread.java:1164|Unable to indicate server name
    …
    [29/03/21 10:37:26:303 BST] 0000008c SystemOut     O javax.net.ssl|INFO|8C|WebContainer : 1|2021-03-29 10:37:26.300 BST|Thread.java:1164|No available application protocols
    [29/03/21 10:37:26:304 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.303 BST|Thread.java:1164|Ignore, context unavailable extension: application_layer_protocol_negotiation
    [29/03/21 10:37:26:306 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.304 BST|Thread.java:1164|Ignore, context unavailable extension: status_request_v2
    [29/03/21 10:37:26:307 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.306 BST|Thread.java:1164|Ignore, context unavailable extension: renegotiation_info
    [29/03/21 10:37:26:310 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.309 BST|Thread.java:1164|Produced ClientHello handshake message (
    "ClientHello": {
      "client version"      : "TLSv1.2",
      "random"              : "88 57 8E A5 C0 F4 72 B7 2C F9 EA 52 C1 8B D8 D4 3E 09 5D 3A BB 50 9C 5D 78 54 DD 19 AA 81 A9 63",
      "session id"          : "",
      "cipher suites"       : "[SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), SSL_RSA_WITH_AES_256_GCM_SHA384(0x009D), SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), SSL_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), SSL_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), SSL_RSA_WITH_AES_128_GCM_SHA256(0x009C), SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), 
………..
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), SSL_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), SSL_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(0xC008),  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(0x0016), SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(0x0013), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
      "compression methods" : "00",
      "extensions"          : [
        "supported_groups (10)": {
          "versions": [secp256r1, secp384r1, secp521r1]
        },
        "ec_point_formats (11)": {
          "formats": [uncompressed]
        },
        "signature_algorithms (13)": {
          "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
        },
        "signature_algorithms_cert (50)": {
          "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
        },
        "extended_master_secret (23)": {
          <empty>
        },
        "supported_versions (43)": {
          "versions": [TLSv1.2]
        }
      ]
    }
    )
    [29/03/21 10:37:26:312 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.311 BST|Thread.java:1164|WRITE: TLS12 handshake, length = 262
    [29/03/21 10:37:26:314 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.313 BST|Thread.java:1164|Raw write (
      0000: 16 03 03 01 06 01 00 01  02 03 03 88 57 8e a5 c0  ............W...
      0010: f4 72 b7 2c f9 ea 52 c1  8b d8 d4 3e 09 5d 3a bb  .r....R.........
      .
      00e0: 08 04 08 05 08 06 08 09  08 0a 08 0b 04 01 05 01  ................
      00f0: 06 01 04 02 03 03 03 01  03 02 02 03 02 01 02 02  ................
      0100: 00 17 00 00 00 2b 00 03  02 03 03                 ...........
    )
    [29/03/21 10:37:26:321 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.320 BST|Thread.java:1164|Raw read (
      0000: 16 03 03 00 51 02 00 00  4d 03 03 60 61 9f d6 32  ....Q...M...a..2
      0010: 63 9b cf 09 dc a2 95 64  8d c0 cb 0f e5 ed 1b 1b  c......d........
      0040: b5 10 28 2a 9d e0 ed 5e  a8 f9 a5 13 c0 30 00 00  .............0..
      .
      02d0: 2b f9 e5 e8 c0 60 be 3b  11 68 2a 0d 1f 60 18 b3  .........h......
      02e0: e6 d5 0b 7e 12 03 9e 72  2f 88 f3 54 26 18 18 ca  .......r...T....
      02f0: e5 ae 0a 2f db b9 0f 18  ae c5 2f 8d 16 03 03 00  ................
      0300: 04 0e 00 00 00                                     .....
    )
    [29/03/21 10:37:26:323 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.322 BST|Thread.java:1164|READ: TLSv1.2 handshake, length = 81
    [29/03/21 10:37:26:328 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.327 BST|Thread.java:1164|Consuming ServerHello handshake message (
    "ServerHello": {
      "server version"      : "TLSv1.2",
      "random"              : "60 61 9F D6 32 63 9B CF 09 DC A2 95 64 8D C0 CB 0F E5 ED 1B 1B E3 C9 2B 7F 06 6D 03 58 6D DF 4F",
      "session id"          : "3A EC 80 A8 76 B9 C2 33 CD 59 71 86 01 77 6F 4B 64 3A 0A A6 B5 10 28 2A 9D E0 ED 5E A8 F9 A5 13",
      "cipher suite"        : "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
      "compression methods" : "00",
      "extensions"          : [
        "renegotiation_info (65,281)": {
          "renegotiated connection": [<no renegotiated connection>]
        }
      ]
    }
    )
    [29/03/21 10:37:26:335 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.334 BST|Thread.java:1164|Ignore unavailable extension: supported_versions
    [29/03/21 10:37:26:336 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.335 BST|Thread.java:1164|Negotiated protocol version: TLSv1.2
    …
    [29/03/21 10:37:26:367 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.365 BST|Thread.java:1164|Ignore unavailable extension: status_request_v2
    [29/03/21 10:37:26:369 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.367 BST|Thread.java:1164|Consumed extension: renegotiation_info
    [29/03/21 10:37:26:370 BST] 0000008c SystemOut     O javax.net.ssl|ALL|8C|WebContainer : 1|2021-03-29 10:37:26.369 BST|Thread.java:1164|Session initialized:  Session(1617010646369|SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
    [29/03/21 10:37:26:372 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.371 BST|Thread.java:1164|Ignore unavailable extension: server_name
     …
    [29/03/21 10:37:26:380 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.380 BST|Thread.java:1164|Ignore unavailable extension: status_request_v2
    [29/03/21 10:37:26:381 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.380 BST|Thread.java:1164|Ignore unavailable extension: extended_master_secret
    [29/03/21 10:37:26:387 BST] 0000008c SystemOut     O javax.net.ssl|WARNING|8C|WebContainer : 1|2021-03-29 10:37:26.382 BST|Thread.java:1164|Ignore impact of unsupported extension: renegotiation_info
    [29/03/21 10:37:26:390 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.388 BST|Thread.java:1164|Raw read (
      0000: 16 03 03 01 cf 0b 00 01  cb 00 01 c8 00 01 c5 30  ...............0
      0010: 82 01 c1 30 82 01 2a 02  11 00 a2 75 59 bc 83 45  ...0.......uY..E
      .
      0260: e8 c6 b2 6c ac 7d 76 15  a0 94 72 cd 50 e8 37 75  ...l..v...r.P.7u
      02a0: 0f 18 ae c5 2f 8d 16 03  03 00 04 0e 00 00 00     ...............
    )
    [29/03/21 10:37:26:392 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.390 BST|Thread.java:1164|READ: TLSv1.2 handshake, length = 463
    [29/03/21 10:37:26:394 BST] 0000008c SystemOut     O javax.net.ssl|FINE|8C|WebContainer : 1|2021-03-29 10:37:26.393 BST|Thread.java:1164|Consuming server Certificate handshake message (
    "Certificates": [
      "certificate" : {
        "version"            : "v1",
        "serial number"      : "00 A2 75 59 BC 83 45 CD 7D 9E B0 D9 8B E3 FD 9B 92",
        "signature algorithm": "SHA256withRSA",
        "issuer"             : "CN=dbserver01.miracle.com",
        "not before"         : "2021-03-21 02:10:55.000 GMT",
        "not  after"         : "2031-03-19 02:10:55.000 GMT",
        "subject"            : "CN=dbserver01.miracle.com",
        "subject public key" : "RSA"}
    ]
    )
    [29/03/21 10:37:26:404 BST] 0000008c SystemOut     O javax.net.ssl|SEVERE|8C|WebContainer : 1|2021-03-29 10:37:26.403 BST|Thread.java:1164|Fatal (BAD_CERTIFICATE): PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed (
    "throwable" : {
      com.ibm.jsse2.util.j: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
        at com.ibm.jsse2.util.h.a(h.java:174)
        at com.ibm.jsse2.util.h.b(h.java:185)
        at com.ibm.jsse2.util.g.a(g.java:10)
        at com.ibm.jsse2.bq.a(bq.java:32)
        at com.ibm.jsse2.bq.a(bq.java:70)
        at com.ibm.jsse2.bq.checkServerTrusted(bq.java:10)
        at com.ibm.jsse2.y$c.a(y$c.java:99)
        at com.ibm.jsse2.y$c.a(y$c.java:10)
        at com.ibm.jsse2.y$c.consume(y$c.java:6)
        at com.ibm.jsse2.p.consume(p.java:43)
        at com.ibm.jsse2.Z.a(Z.java:73)
        at com.ibm.jsse2.bf$a$b.a(bf$a$b.java:2)
        at com.ibm.jsse2.bf$a$b.run(bf$a$b.java:3)
        at java.security.AccessController.doPrivileged(AccessController.java:774)
        at com.ibm.jsse2.bf$a.run(bf$a.java:26)
        at oracle.net.nt.SSLSocketChannel.runTasks(SSLSocketChannel.java:602)
        at oracle.net.nt.SSLSocketChannel.doSSLHandshake(SSLSocketChannel.java:434)
        at oracle.net.nt.SSLSocketChannel.write(SSLSocketChannel.java:128)
        at oracle.net.ns.NIOPacket.writeToSocketChannel(NIOPacket.java:350)
        at oracle.net.ns.NIOConnectPacket.writeToSocketChannel(NIOConnectPacket.java:247)
        at oracle.net.ns.NSProtocolNIO.negotiateConnection(NSProtocolNIO.java:117)
        at oracle.net.ns.NSProtocol.connect(NSProtocol.java:340)
        at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1596)
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:588)
        at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:793)
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:57)
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:747)
        at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:406)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:291)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:206)
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:148)
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:91)
        at com.ibm.ws.rsadapter.DSConfigHelper$1.run(DSConfigHelper.java:1273)
        at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5446)
        at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5662)
        at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255)
        at com.ibm.ws.rsadapter.spi.ServerFunction$6.run(ServerFunction.java:571)
        at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
        at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1288)
        at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1196)
        at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:2076)
        at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:1952)
        at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionForGUI(DSConfigurationHelper.java:2820)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
        at java.lang.reflect.Method.invoke(Method.java:508)
        at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnectionToDataSource2(DataSourceConfigHelperMBean.java:556)
        at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnection(DataSourceConfigHelperMBean.java:484)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
        at java.lang.reflect.Method.invoke(Method.java:508)
        at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:83)
        at sun.reflect.GeneratedMethodAccessor43.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
        at java.lang.reflect.Method.invoke(Method.java:508)
        at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:287)
        at javax.management.modelmbean.RequiredModelMBean$4.run(RequiredModelMBean.java:1263)
        at java.security.AccessController.doPrivileged(AccessController.java:708)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
        at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1257)
        at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:1096)
        at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:831)
        at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:813)
        at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1353)
        at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
        at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1246)
        at com.ibm.ws.management.commands.AdminServiceCommands$InvokeCmd.execute(AdminServiceCommands.java:251)
        at com.ibm.ws.console.core.mbean.MBeanHelper.invoke(MBeanHelper.java:246)
        at com.ibm.ws.console.core.mbean.ResourceMBeanHelper.testNode(ResourceMBeanHelper.java:860)
        at com.ibm.ws.console.core.mbean.ResourceMBeanHelper.testConnection(ResourceMBeanHelper.java:292)
        at com.ibm.ws.console.resources.database.jdbc.DataSourceDetailAction.testConnection(DataSourceDetailAction.java:713)
        at com.ibm.ws.console.resources.database.jdbc.DataSourceCollectionAction.execute(DataSourceCollectionAction.java:339)
        at org.apache.struts.action.RequestProcessor.processActionPerform(Unknown Source)
        at org.apache.struts.action.RequestProcessor.process(Unknown Source)
        at org.apache.struts.action.ActionServlet.process(Unknown Source)
        at org.apache.struts.action.ActionServlet.doPost(Unknown Source)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1235)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:779)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
        at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:179)
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:143)
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:78)
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:979)
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1119)
        at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:1408)
        at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:198)
        at org.apache.struts.action.RequestProcessor.doForward(Unknown Source)
        at org.apache.struts.tiles.TilesRequestProcessor.doForward(Unknown Source)
        at org.apache.struts.action.RequestProcessor.processForwardConfig(Unknown Source)
        at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(Unknown Source)
        at org.apache.struts.action.RequestProcessor.process(Unknown Source)
        at org.apache.struts.action.ActionServlet.process(Unknown Source)
        at org.apache.struts.action.ActionServlet.doPost(Unknown Source)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1235)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:779)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
        at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:179)
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:143)
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:96)
        at com.ibm.ws.console.core.servlet.WSCUrlFilter.setUpCommandAssistance(WSCUrlFilter.java:984)
        at com.ibm.ws.console.core.servlet.WSCUrlFilter.continueStoringTaskState(WSCUrlFilter.java:531)
        at com.ibm.ws.console.core.servlet.WSCUrlFilter.doFilter(WSCUrlFilter.java:352)
        at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:979)
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1119)
        at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:82)
        at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:963)
        at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
        at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
        at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:88)
        at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
        at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
        at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
        at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
        at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
        at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
        at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
        at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909)
      Caused by: java.security.cert.CertPathValidatorException: signature check failed
        at com.ibm.security.cert.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:130)
        at com.ibm.security.cert.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:232)
        at com.ibm.security.cert.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:136)
        at com.ibm.security.cert.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:75)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:304)
        at com.ibm.jsse2.util.h.a(h.java:74)
        ... 127 more
      Caused by: java.security.SignatureException: Signature length not correct: got 128 but was expecting 256
        at com.ibm.crypto.provider.RSASignature.engineVerify(Unknown Source)
        at java.security.Signature$Delegate.engineVerify(Signature.java:1403)
        at java.security.Signature.verify(Signature.java:777)
        at com.ibm.security.x509.X509CertImpl.verify(X509CertImpl.java:739)
        at com.ibm.security.cert.BasicChecker.verifySignature(BasicChecker.java:182)
        at com.ibm.security.cert.BasicChecker.check(BasicChecker.java:163)
        at com.ibm.security.cert.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:120)

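2 Answers

Stack Overflow user

Accepted answer

Posted on 2021-04-06 17:50:19

Steps

  1. Below is my setup, although the installation has little bearing on implementing TLS 1.2. v9.0.5.6 on CentOS VM1. It was installed with 'user1'. Used the IBM 8 provided with WebSphere. 19c on the same CentOS VM1. The Oracle client is installed with the 'oracle' user. Oracle Database 19c on CentOS VM2; the database is installed with the 'oracle' user.
  2. Used this link to complete the server and client certificate configuration. Generated and exchanged self-signed certificates on the server and the client as shown in the instructions. For testing, kept the passwords free of special characters. I saw some problems when the password contained special characters.
  3. On the Oracle host (CentOS VM1 for me), convert the Oracle PKCS12 to Java. I used the command below as the 'oracle' user.
     orapki wallet pkcs12_to_jks -wallet "/home/oracle/wallet" -pwd abcd123 -jksKeyStoreLoc "/home/oracle/jkswallet/ewallet.jks" -jksKeyStorepwd abcd123
  4. Change the permissions of "home/oracle/oracle" and "home/oracle/ its /ewallet.jks" to 755, so that access is available to what runs as 'user1' on the same server.
  5. Create a normal 'JDBC provider' using ojdbc8.jar. No other jars are needed. Create a 'Data source' using the JDBC provider created earlier. In addition to the data source, also create 'JAAS - J2C authentication data' for the username and password.
  6. I used the following URL format in the 'Data source':
     jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=172.16.77.11)(PORT=2484)))(CONNECT_DATA=(SERVICE_NAME=PROD01PDB)))
  7. Add a property under 'Custom properties' of the 'Data source':
     Name: connectionProperties
     Value: javax.net.ssl.keyStore=/home/oracle/jkswallet/ewallet.jks; javax.net.ssl.keyStoreType=JKS; javax.net.ssl.keyStorePassword=abcd123; javax.net.ssl.trustStore=/home/oracle/jkswallet/ewallet.jks; javax.net.ssl.trustStoreType=JKS; javax.net.ssl.trustStorePassword=abcd123; oracle.net.ssl_version=1.2; oracle.net.ssl_server_dn_match=false

Finally, the trimmed debug log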

[06/04/21 16:14:30:947 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:30.946 BST|Thread.java:1164|found key for : orakey (
  "certificate" : {
    "version"            : "v1",
    "serial number"      : "00 E5 74 A4 14 70 21 C0 6D 42 78 B1 AF 86 B3 7F 09",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=appserver01",
    "not before"         : "2021-04-06 01:35:51.000 BST",
    "not  after"         : "2031-04-04 01:35:51.000 BST",
    "subject"            : "CN=appserver01",
    "subject public key" : "RSA"}
)
[06/04/21 16:14:30:956 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:30.955 BST|Thread.java:1164|adding as trusted certificates (
  "certificate" : {
    "version"            : "v1",
    "serial number"      : "00 E5 74 A4 14 70 21 C0 6D 42 78 B1 AF 86 B3 7F 09",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=appserver01",
    "not before"         : "2021-04-06 01:35:51.000 BST",
    "not  after"         : "2031-04-04 01:35:51.000 BST",
    "subject"            : "CN=appserver01",
    "subject public key" : "RSA"},
  "certificate" : {
    "version"            : "v1",
    "serial number"      : "00 AB 2C F7 0B 59 C2 76 AE CC F0 21 EF DA 8B D7 D1",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=dbserver01.miracle.com",
    "not before"         : "2021-04-06 01:50:52.000 BST",
    "not  after"         : "2031-04-04 01:50:52.000 BST",
    "subject"            : "CN=dbserver01.miracle.com",
    "subject public key" : "RSA"}
)
application_layer_protocol_negotiation
[06/04/21 16:14:32:709 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:32.708 BST|Thread.java:1164|Ignore, context unavailable extension: status_request_v2
[06/04/21 16:14:32:714 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:32.712 BST|Thread.java:1164|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "7B 73 62 0A 5B C3 CC 62 19 FC C1 78 03 30 F4 39 7C F8 A3 81 F9 02 4C BB 7A 35 8D F7 55 8A 8A 83",
  "session id"          : "",
  "cipher suites"       : "[SSL_RSA_WITH_AES_256_GCM_SHA384(0x009D)]",
  "compression methods" : "00",
  "extensions"          : [
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.2]
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    }
  ]
}
)

[06/04/21 16:14:32:736 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:32.735 BST|Thread.java:1164|READ: TLSv1.2 handshake, length = 81
[06/04/21 16:14:32:741 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:32.740 BST|Thread.java:1164|Consuming ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "60 6C 7A D8 CC A6 0C B4 A4 5E 49 53 44 B4 68 77 7D 18 01 D6 04 10 DD E8 A6 E5 8D 6C EE DC 54 2A",
  "session id"          : "11 E9 ED 05 27 69 4E B8 A4 FA 28 0F 4C 19 AD 2F D6 55 47 ED A1 EB 0E 91 E6 E6 7B 53 D9 E0 0C DA",
  "cipher suite"        : "SSL_RSA_WITH_AES_256_GCM_SHA384(0x009D)",
  "compression methods" : "00",
  "extensions"          : [
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    }
  ]
}
)
[06/04/21 16:14:32:804 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:32.803 BST|Thread.java:1164|READ: TLSv1.2 handshake, length = 463
[06/04/21 16:14:32:820 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:32.817 BST|Thread.java:1164|Consuming server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v1",
    "serial number"      : "00 AB 2C F7 0B 59 C2 76 AE CC F0 21 EF DA 8B D7 D1",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=dbserver01.miracle.com",
    "not before"         : "2021-04-06 01:50:52.000 BST",
    "not  after"         : "2031-04-04 01:50:52.000 BST",
    "subject"            : "CN=dbserver01.miracle.com",
    "subject public key" : "RSA"}
]
)
[06/04/21 16:14:32:831 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:32.830 BST|Thread.java:1164|Found trusted certificate (
  "certificate" : {
    "version"            : "v1",
    "serial number"      : "00 AB 2C F7 0B 59 C2 76 AE CC F0 21 EF DA 8B D7 D1",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=dbserver01.miracle.com",
    "not before"         : "2021-04-06 01:50:52.000 BST",
    "not  after"         : "2031-04-04 01:50:52.000 BST",
    "subject"            : "CN=dbserver01.miracle.com",
    "subject public key" : "RSA"}
)
[06/04/21 16:14:32:916 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:32.915 BST|Thread.java:1164|JsseJCE:  Using cipher RSA/SSL/PKCS1Padding from provider IBMJCE version 1.8
[06/04/21 16:14:32:922 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:32.920 BST|Thread.java:1164|RSAClientKeyExchange:  Using cipher for wrap RSA/SSL/PKCS1Paddingfrom provider from init IBMJCE version 1.8
[06/04/21 16:14:32:928 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:32.926 BST|Thread.java:1164|Produced RSA ClientKeyExchange handshake message (
"RSA ClientKeyExchange": {
  "client_version":  TLSv1.2
  "encrypted": {
    0000: 24 64 33 4f 9f 90 85 77  fe 9d c2 f4 ac 75 78 56  .d3O...w.....uxV
    ......
    0060: 21 21 f9 68 c9 2e 79 60  cc fe d1 78 1d 5a 69 c1  ...h..y....x.Zi.
    0070: 4e 73 47 eb b6 39 3f 07  0a 89 62 fb 29 78 c5 f9  NsG..9....b..x..
  }
}
)
[06/04/21 16:14:33:052 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.050 BST|Thread.java:1164|Produced ChangeCipherSpec message
[06/04/21 16:14:33:054 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.052 BST|Thread.java:1164|Produced client Finished handshake message (
"Finished": {
  "verify data": {
    0000: 56 66 52 df 64 68 37 a0  de 28 28 18 
  }'}
)
[06/04/21 16:14:33:055 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.054 BST|Thread.java:1164|WRITE: TLS12 handshake, length = 134


[06/04/21 16:14:33:291 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.290 BST|Thread.java:1164|found key for : orakey (
  "certificate" : {
    "version"            : "v1",
    "serial number"      : "00 E5 74 A4 14 70 21 C0 6D 42 78 B1 AF 86 B3 7F 09",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=appserver01",
    "not before"         : "2021-04-06 01:35:51.000 BST",
    "not  after"         : "2031-04-04 01:35:51.000 BST",
    "subject"            : "CN=appserver01",
    "subject public key" : "RSA"}
)
[06/04/21 16:14:33:294 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.293 BST|Thread.java:1164|adding as trusted certificates (
  "certificate" : {
    "version"            : "v1",
    "serial number"      : "00 E5 74 A4 14 70 21 C0 6D 42 78 B1 AF 86 B3 7F 09",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=appserver01",
    "not before"         : "2021-04-06 01:35:51.000 BST",
    "not  after"         : "2031-04-04 01:35:51.000 BST",
    "subject"            : "CN=appserver01",
    "subject public key" : "RSA"},
  "certificate" : {
    "version"            : "v1",
    "serial number"      : "00 AB 2C F7 0B 59 C2 76 AE CC F0 21 EF DA 8B D7 D1",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=dbserver01.miracle.com",
    "not before"         : "2021-04-06 01:50:52.000 BST",
    "not  after"         : "2031-04-04 01:50:52.000 BST",
    "subject"            : "CN=dbserver01.miracle.com",
    "subject public key" : "RSA"}
)

[06/04/21 16:14:33:389 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.387 BST|Thread.java:1164|Ignore, context unavailable extension: status_request_v2
[06/04/21 16:14:33:405 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.391 BST|Thread.java:1164|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "59 4F CB D5 24 6A E7 DC D4 75 4C 1D EC F9 84 2F BC D5 EC 24 EB BC 69 4F 35 29 88 0F 42 46 B7 0E",
  "session id"          : "",
  "cipher suites"       : "[SSL_RSA_WITH_AES_256_GCM_SHA384(0x009D)]",
  "compression methods" : "00",
  "extensions"          : [
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.2]
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    }
  ]
}
)

[06/04/21 16:14:33:424 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.422 BST|Thread.java:1164|READ: TLSv1.2 handshake, length = 81
[06/04/21 16:14:33:427 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.426 BST|Thread.java:1164|Consuming ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "60 6C 7A D9 FB 0C 6F 09 5C 10 3A 03 F4 01 E2 4A 58 60 72 D1 9D 7B 3A D7 2F 91 12 32 7C CF 85 0D",
  "session id"          : "2A 9D 32 23 12 52 AC 29 B8 69 D5 50 60 FE 15 4E C8 68 1C 8A AA C1 71 0E 42 55 EF BD CE 88 95 53",
  "cipher suite"        : "SSL_RSA_WITH_AES_256_GCM_SHA384(0x009D)",
  "compression methods" : "00",
  "extensions"          : [
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    }
  ]
}
)
[06/04/21 16:14:33:521 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.519 BST|Thread.java:1164|READ: TLSv1.2 handshake, length = 463
[06/04/21 16:14:33:522 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.521 BST|Thread.java:1164|Consuming server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v1",
    "serial number"      : "00 AB 2C F7 0B 59 C2 76 AE CC F0 21 EF DA 8B D7 D1",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=dbserver01.miracle.com",
    "not before"         : "2021-04-06 01:50:52.000 BST",
    "not  after"         : "2031-04-04 01:50:52.000 BST",
    "subject"            : "CN=dbserver01.miracle.com",
    "subject public key" : "RSA"}
]
)
[06/04/21 16:14:33:524 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.523 BST|Thread.java:1164|Found trusted certificate (
  "certificate" : {
    "version"            : "v1",
    "serial number"      : "00 AB 2C F7 0B 59 C2 76 AE CC F0 21 EF DA 8B D7 D1",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=dbserver01.miracle.com",
    "not before"         : "2021-04-06 01:50:52.000 BST",
    "not  after"         : "2031-04-04 01:50:52.000 BST",
    "subject"            : "CN=dbserver01.miracle.com",
    "subject public key" : "RSA"}
)

[06/04/21 16:14:33:555 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.554 BST|Thread.java:1164|Produced RSA ClientKeyExchange handshake message (
"RSA ClientKeyExchange": {
  "client_version":  TLSv1.2
  "encrypted": {
    0000: 3f b0 62 d5 f6 31 b9 b5  02 37 29 3e 63 e0 38 f8  ..b..1...7..c.8.
    0010: 0e f5 03 a3 d3 ad 00 a1  06 92 c7 ff 65 a4 44 5b  ............e.D.
    …
    0060: 2e 52 49 75 fb 9d b3 00  96 77 53 29 46 f5 60 ae  .RIu.....wS.F...
    0070: b2 84 59 db f1 fc 66 6e  5f 41 51 75 da 52 c5 4a  ..Y...fn.AQu.R.J
  }
}
)
[06/04/21 16:14:33:579 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.575 BST|Thread.java:1164|Produced client Finished handshake message (
"Finished": {
  "verify data": {
    0000: 69 8c 88 f6 6a 03 b6 81  ad d6 58 c1 
  }'}
)
IBMJCE version 1.8
[06/04/21 16:14:33:716 BST] 00000078 SystemOut     O javax.net.ssl|FINE|78|WebContainer : 0|2021-04-06 16:14:33.714 BST|Thread.java:1164|Consuming server Finished handshake message (
"Finished": {
  "verify data": {
    0000: 84 65 d5 89 28 fc 35 0c  47 a0 e3 42 
  }'}
)
[06/04/21 16:14:34:642 BST] 00000078 DSConfigurati I   DSRA8025I: Successfully connected to DataSource.
Votes: 0
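
Added example (not part of the original answer, and not IBM or Oracle code): a short Python audit of a `javax.net.ssl` debug trace in the format shown above. It reports whether the selected cipher suite uses a static key exchange (as `SSL_RSA_WITH_AES_256_GCM_SHA384` does, so the session has no forward secrecy) and whether the server certificate is X.509 v1 or has issuer equal to subject. The sample log, the host name `db.example.test` and the finding labels are constructed for this example.

```python
import re

# Constructed sample in the javax.net.ssl debug format of the log above (trimmed).
SAMPLE_LOG = '''\
[ts] SystemOut O javax.net.ssl|FINE|78|t|Consuming ServerHello handshake message (
"ServerHello": {
  "cipher suite"        : "SSL_RSA_WITH_AES_256_GCM_SHA384(0x009D)",
}
)
[ts] SystemOut O javax.net.ssl|FINE|78|t|Consuming server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v1",
    "issuer"             : "CN=db.example.test",
    "subject"            : "CN=db.example.test",
    "subject public key" : "RSA"}
]
)
'''

BLOCK = re.compile(r'\|(?:Produced|Consuming) (?:server )?(\w+) handshake message \(')
FIELD = re.compile(r'^\s*"([^"]+)"\s*:\s*"([^"]*)"')
# Key exchanges with no ephemeral Diffie-Hellman, hence no forward secrecy.
STATIC_KX = {"RSA", "DH_RSA", "DH_DSS", "ECDH_RSA", "ECDH_ECDSA"}

def audit(log):
    """Return (finding, detail) tuples for the ServerHello and server Certificate blocks."""
    findings, block, cert = [], None, {}
    for line in log.splitlines():
        m = BLOCK.search(line)
        if m:
            block, cert = m.group(1), {}
        elif line.strip() == ")":
            block = None
        elif block and (f := FIELD.match(line)):
            key, val = f.groups()
            if block == "ServerHello" and key == "cipher suite" and "_WITH_" in val:
                # SSL_RSA_WITH_... -> "RSA"; TLS_ECDHE_RSA_WITH_... -> "ECDHE_RSA"
                if val.split("_WITH_")[0].split("_", 1)[1] in STATIC_KX:
                    findings.append(("no-forward-secrecy", val))
            elif block == "Certificate":
                cert[key] = val
                if key == "subject public key":  # last field of each certificate entry
                    if cert.get("version") == "v1":  # v1 carries no extensions (SAN, keyUsage)
                        findings.append(("x509-v1", cert.get("subject")))
                    if cert.get("issuer") == cert.get("subject"):
                        findings.append(("self-signed", cert.get("subject")))
                    cert = {}
    return findings
```

Calling `audit()` on the text of a SystemOut log returns the findings in the order the handshake messages appear; only the suite the server selected is checked, not the list the client offered.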

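Stack Overflow user

Answered on 2021-04-12 14:30:36

Which version of the JDBC driver are you using? If you are using the latest 18.3, you can pass connection properties in the URL. Please check out this blog for 12.2 and lower.

Votes: 0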
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/66853463