How to resolve a Tomcat 10 SSL protocol configuration error?

Question  Votes: 0  Answers: 1

My goal is to set up the SSL configuration for Tomcat 10. This is what my setup looks like.

<Connector
      port="8443"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      maxThreads="150"
      minSpareThreads="25"
      SSLEnabled="true"
      sslEnabledProtocols="TLSv1.2"
      scheme="https"
      secure="true"
      enableLookups="false"
      disableUploadTimeout="true"
      acceptCount="400"
      URIEncoding="UTF-8"
      clientAuth="false"
      defaultSSLHostConfigName="abx.io"
      SSLCertificateFile="conf/cert_abx/cert.pem"
      SSLCertificateKeyFile="conf/cert_abx/privkey.pem"
      connectionTimeout="20000">
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
  <SSLHostConfig
        hostName="abx.io"
        ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE>
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA">
    <Certificate
          certificateFile="conf/cert_abx/cert.pem"
          certificateKeyFile="conf/cert_abx/privkey.pem"
          certificateChainFile="conf/cert_abx/chain.pem"/>
  </SSLHostConfig>
</Connector>

However, I get the error

ERR_SSL_VERSION_OR_CIPHER_MISMATCH, The client and server don't support a common SSL protocol version or cipher suite.
In addition, I tried changing the protocol to org.apache.coyote.http11.Http11AprProtocol, but that does not seem to work with the current tomcat-10 server.

tomcat java-17 tomcat10
1 Answer
0 votes

Some attributes in the configuration are no longer used in Tomcat 10.

For example, "sslEnabledProtocols" was deprecated in Tomcat 9 and removed in Tomcat 10; the "protocols" attribute should be used instead.

Try the following configuration and check again.

<Connector
      port="8443"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      maxThreads="150"
      minSpareThreads="25"
      SSLEnabled="true"
      scheme="https"
      secure="true"
      enableLookups="false"
      disableUploadTimeout="true"
      acceptCount="400"
      URIEncoding="UTF-8"
      clientAuth="false"
      defaultSSLHostConfigName="abx.io"
      connectionTimeout="20000">
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
  <SSLHostConfig hostName="abx.io" protocols="TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA">
    <Certificate
          certificateFile="conf/cert_abx/cert.pem"
          certificateKeyFile="conf/cert_abx/privkey.pem"
          certificateChainFile="conf/cert_abx/chain.pem"/>
  </SSLHostConfig>
</Connector>
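
An added example, not part of the original answer or of Tomcat itself: a Python check over server.xml that flags the Connector-level TLS attributes the answer removed, a missing protocols attribute, and cipher entries that are incomplete or RC4-based. The function name, the attribute list (taken from the difference between the two configurations on this page) and the abridged sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: this list is the set of TLS attributes the answer removed from <Connector>.
LEGACY_ATTRS = {
    "sslEnabledProtocols": "protocols on <SSLHostConfig>",
    "SSLCertificateFile": "certificateFile on <Certificate>",
    "SSLCertificateKeyFile": "certificateKeyFile on <Certificate>",
}
# Heuristic for JSSE names: TLS 1.2 suites contain _WITH_, TLS 1.3 suites do not.
JSSE_SUITE = re.compile(r"^(TLS|SSL)_\w+_WITH_\w+$|^TLS_(AES|CHACHA20)_\w+$")

def lint_server_xml(xml_text):
    """Return (severity, message) findings for every TLS-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        for attr, target in LEGACY_ATTRS.items():
            if attr in conn.attrib:
                findings.append(("error", f"{attr} set on <Connector>; use {target}"))
        for host in conn.iter("SSLHostConfig"):
            name = host.get("hostName", "_default_")
            if "protocols" not in host.attrib:
                findings.append(("warn", f"{name}: no protocols attribute, Tomcat default applies"))
            for raw in host.get("ciphers", "").split(","):
                suite = raw.strip()
                if not suite.startswith(("TLS_", "SSL_")):
                    continue  # empty or OpenSSL-style entry: out of scope here
                if not JSSE_SUITE.match(suite):
                    findings.append(("error", f"{name}: '{suite}' is not a complete JSSE suite name"))
                elif "_RC4_" in suite:
                    findings.append(("error", f"{name}: {suite} uses RC4 (prohibited by RFC 7465)"))
    return findings

# Constructed samples: abridged versions of the question's and the answer's connectors.
CIPHERS = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE,SSL_RSA_WITH_RC4_128_SHA"
BEFORE = f"""<Server><Service><Connector port="8443" SSLEnabled="true"
    sslEnabledProtocols="TLSv1.2" SSLCertificateFile="conf/cert_abx/cert.pem"
    SSLCertificateKeyFile="conf/cert_abx/privkey.pem">
  <SSLHostConfig hostName="abx.io" ciphers="{CIPHERS}"/>
</Connector></Service></Server>"""
AFTER = f"""<Server><Service><Connector port="8443" SSLEnabled="true">
  <SSLHostConfig hostName="abx.io" protocols="TLSv1.2" ciphers="{CIPHERS}"/>
</Connector></Service></Server>"""

if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE), ("after", AFTER)):
        print(label, *lint_server_xml(xml_text), sep="\n  ")
```

On the abridged samples, moving the attributes as the answer does clears the Connector-level findings, while the two cipher-list findings remain in both versions.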