将jdk.tls.client.protocols系统属性设置为在Netty4.1.48中不工作的TLSv1.2
将jdk.tls.client.protocols系统属性设置为在Netty4.1.48中不工作的TLSv1.2
提问于 2020-04-28 16:33:17
我们使用Redisson客户端,它使用netty连接到Redis服务器。最后,一切都很顺利。但是在升级到netty 4.1.48.Final之后,TLSv1 ClientHello就会被发送,因此无法连接到服务器。尝试通过设置jdk.tls.client.protocols系统属性来指定TLSv1.2,但是netty似乎并没有实现它。
在打开Java跟踪之后,在跟踪文件中可以看到以下内容:
带有netty 4.1.48的,默认协议只有TLSv1:
jdk.tls.client.protocols is defined as TLSv1.2
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1.2]
IBMJSSE2 will enable CBC protection
12:00:41.624 [redisson-netty-2-9] DEBUG io.netty.handler.ssl.JdkSslContext - Default protocols (JDK): [TLSv1]带有netty 4.1.42的,默认协议包括TLSv1.2:
jdk.tls.client.protocols is defined as null
SSLv3 protocol was requested but was not enabled
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
10:18:00.008 [redisson-netty-2-23] DEBUG io.netty.handler.ssl.JdkSslContext - Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1]netty 4.1.48未设置jdk.tls.client.protocols系统属性时的跟踪:
jdk.tls.client.protocols is defined as null
SSLv3 protocol was requested but was not enabled
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
IBMJSSE2 will enable CBC protection
09:54:19.626 [redisson-netty-2-25] DEBUG io.netty.handler.ssl.JdkSslContext - Default protocols (JDK): [TLSv1] java -version输出:
java version "1.8.0_191"
Java(TM) SE Runtime Environment (build 8.0.5.27 - pwa6480sr5fp27-20190104_01(SR5 FP27))
IBM J9 VM (build 2.9, JRE 1.8.0 Windows 10 amd64-64-Bit Compressed References 20181219_405297 (JIT enabled, AOT enabled)
OpenJ9 - 3f2d574
OMR - 109ba5b
IBM - e2996d1)
JCL - 20190104_01 based on Oracle jdk8u191-b26还有人碰到这个或者知道怎么解决这个问题吗?
谢谢!
回答 1
Stack Overflow用户
发布于 2021-01-04 19:06:29
将jdk.tls.client.protocols系统属性设置为在Netty4.1.48中不工作的TLSv1.2
我不能100%肯定我们的解决方案是否会解决您的问题,但是我在跟踪日志中看到了IBM。我们还在Netty中将默认密码设置为TLSv1时出现了问题:
io.netty.handler.ssl.JdkSslContext.java:97 - Default protocols (JDK): [TLSv1]
io.netty.handler.ssl.JdkSslContext.java:98 - Default cipher suites (JDK):
[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA]事实证明,这是IBM的一个问题。以下代码默认情况下在AIX中释放[TLSv1]。不太好。在Redhat和Solaris下,它吐出了[TLSv1, TLSv1.1, TLSv1.2]。
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, null, null);
String[] supportedProtocols = context.getDefaultSSLParameters().getProtocols();
System.out.println(Arrays.toString(supportedProtocols));根据这个IBM文档和其他IBM文档,解决方案是向JVM添加以下属性:
-Dcom.ibm.jsse2.overrideDefaultTLS=true我真的不喜欢这个答案,但我没有找到支持TLSv1.2的java.security文件行或其他系统范围的设置。下面是我使用的JVM的详细信息:
$ java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 8.0.5.0 - pap6480sr5-20170905_01(SR5))
IBM J9 VM (build 2.9, JRE 1.8.0 AIX ppc64-64 Compressed References 20170901_363591
(JIT enabled, AOT enabled)
J9VM - d56eb84
JIT - tr.open_20170901_140853_d56eb84
OMR - b033a01)
JCL - 20170823_01 based on Oracle jdk8u144-b01页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/61485246
复制相关文章
相似问题
腾讯云开发者
