How to set/force Apache Camel to run/use only TLS 1.3

Question  Votes: 0  Answers: 1

I have a test server written in Java that supports TLS 1.3 (checked with the command:

openssl ciphers -v | grep TLSv1.3

Result: New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384)

But when the client, Apache Camel, tries to send a POST to the server, the server response is ERROR. Here is the full response log:

javax.net.ssl.SSLHandshakeException: No available authentication scheme
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.984 CEST|HandshakeContext.java:304|No available cipher suite for TLS12
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.984 CEST|HandshakeContext.java:304|No available cipher suite for TLS11
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.985 CEST|HandshakeContext.java:304|No available cipher suite for TLS10
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.985 CEST|ClientHello.java:678|Consuming ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "DE B4 7F B8 C1 A8 D2 C7 4E 4B 2F 1B E1 EE CC F3 8B E7 1C BC 39 DC 96 4F 22 9B E6 B4 F7 95 34 67",
  "session id"          : "D2 7F 38 74 C4 C1 CD AF FB 04 EB DC FA 33 66 C2 4D 16 7C 2C 7C 13 6A 99 B0 99 26 1B 31 26 74 10",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=myHostname
    },
    "supported_groups (10)": {
      "versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 55 5F F8 49 33 A5 E6   1C 98 99 D2 0C A2 70 B7  .U_.I3........p.
            0010: B7 F2 D9 1D A4 4C D8 44   61 F6 98 77 FB 38 A4 E9  .....L.Da..w.8..
            0020: CC 3D 58 1C AF 99 CA 70   3B 2A E1 95 BC CB 89 27  .=X....p;*.....'
            0030: 72 4E DE 2F A3 7B C6 62   49 7B 1C B3 23 E5 D6 F7  rN./...bI...#...
            0040: 71
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|ClientHello.java:708|Negotiated protocol version: TLSv1.3
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: psk_key_exchange_modes
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|PreSharedKeyExtension.java:804|Handling pre_shared_key absence.
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|ServerNameExtension.java:327|no server name matchers, ignore server name indication
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: server_name
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:173|Ignore unavailable extension: status_request
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: supported_groups
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:163|Ignore unsupported extension: ec_point_formats
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: signature_algorithms
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: signature_algorithms_cert
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:163|Ignore unsupported extension: status_request_v2
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:163|Ignore unsupported extension: extended_master_secret
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:173|Ignore unavailable extension: cookie
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:173|Ignore unavailable extension: certificate_authorities
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: key_share
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:163|Ignore unsupported extension: renegotiation_info
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:207|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha256
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SignatureScheme.java:428|Unsupported signature scheme: ecdsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SignatureScheme.java:428|Unsupported signature scheme: rsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha1
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:224|Populated with extension: signature_algorithms
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha256
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SignatureScheme.java:428|Unsupported signature scheme: ecdsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SignatureScheme.java:428|Unsupported signature scheme: rsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha1
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:224|Populated with extension: signature_algorithms_cert
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:207|Ignore unavailable extension: cookie
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: psk_key_exchange_modes
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:207|Ignore unavailable extension: certificate_authorities
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.989 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: key_share
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.989 CEST|SSLExtensions.java:207|Ignore unavailable extension: pre_shared_key
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.989 CEST|ServerHello.java:714|use cipher suite TLS_AES_256_GCM_SHA384
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.990 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.990 CEST|ServerHello.java:573|Produced ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "48 8F 4B 44 8B 85 28 1B 47 D1 7F 97 71 69 A9 F3 41 C5 C5 D6 4A 68 3F 95 BE 87 46 E5 9B 7A D1 10",
  "session id"          : "D2 7F 38 74 C4 C1 CD AF FB 04 EB DC FA 33 66 C2 4D 16 7C 2C 7C 13 6A 99 B0 99 26 1B 31 26 74 10",
  "cipher suite"        : "TLS_AES_256_GCM_SHA384(0x1302)",
  "compression methods" : "00",
  "extensions"          : [
    "supported_versions (43)": {
      "selected version": [TLSv1.3]
    },
    "key_share (51)": {
      "server_share": {
        "named group": secp256r1
        "key_exchange": {
          0000: 04 06 7F 37 27 51 3F BE   D3 FF 4D B0 D3 36 9D 22  ...7'Q?...M..6."
          0010: 4D 56 DC 03 4D 2B C2 D7   35 4C 96 31 D9 F2 3A 70  MV..M+..5L.1..:p
          0020: 37 DE 91 17 7B C4 3B 24   DC 07 BD 99 23 B9 B7 18  7.....;$....#...
          0030: FC 01 06 F6 98 76 8D 34   A2 55 3C 95 DC 93 D5 C8  .....v.4.U<.....
          0040: 59
        }
      },
    }
  ]
}
)
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.992 CEST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.992 CEST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.992 CEST|ServerNameExtension.java:537|No expected server name indication response
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.992 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: server_name
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.992 CEST|MaxFragExtension.java:463|Ignore unavailable max_fragment_length extension
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.992 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: max_fragment_length
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.993 CEST|AlpnExtension.java:384|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.993 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.993 CEST|EncryptedExtensions.java:137|Produced EncryptedExtensions message (
"EncryptedExtensions": [
  "supported_groups (10)": {
    "versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
  }
]
)
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: ecdsa_secp256r1_sha256
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: ecdsa_secp384r1_sha384
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: ecdsa_secp521r1_sha512
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_rsae_sha256
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_rsae_sha384
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_rsae_sha512
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_pss_sha256
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_pss_sha384
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_pss_sha512
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pkcs1_sha256
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pkcs1_sha384
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pkcs1_sha512
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: ecdsa_sha1
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pkcs1_sha1
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1093|No available authentication scheme
javax.net.ssl|SEVERE|01|main|2023-08-11 13:58:40.996 CEST|TransportContext.java:323|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: No available authentication scheme
        at sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:318)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:274)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:265)
        at sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972)
        at sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961)
        at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
        at sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1141)
        at sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1077)
        at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:714)
        at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:682)
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
        at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:822)
        at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:73)
        at sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:913)
        at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
        at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
        at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
        at java.io.InputStreamReader.read(InputStreamReader.java:184)
        at java.io.BufferedReader.fill(BufferedReader.java:161)
        at java.io.BufferedReader.readLine(BufferedReader.java:324)
        at java.io.BufferedReader.readLine(BufferedReader.java:389)
        at HttpsServerExample2.main(HttpsServerExample2.java:39)}

)
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.996 CEST|SSLSocketImpl.java:1619|close the underlying socket
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.996 CEST|SSLSocketImpl.java:1638|close the SSL connection (initiative)
javax.net.ssl.SSLHandshakeException: No available authentication scheme
javax.net.ssl|FINE|01|main|2023-08-11 14:03:12.919 CEST|HandshakeContext.java:304|No available cipher suite for TLS12
javax.net.ssl|FINE|01|main|2023-08-11 14:03:12.919 CEST|HandshakeContext.java:304|No available cipher suite for TLS11
javax.net.ssl|FINE|01|main|2023-08-11 14:03:12.920 CEST|HandshakeContext.java:304|No available cipher suite for TLS10
javax.net.ssl|FINE|01|main|2023-08-11 14:03:12.924 CEST|ClientHello.java:678|Consuming ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "D9 5E 2E A6 63 EE 12 27 49 40 05 21 F0 6B CD 0A 7F 0E F4 A6 71 6D A6 D4 96 4A FD F6 A5 07 5E 85",
  "session id"          : "0F 75 30 B1 4A 7B 71 A0

It looks like Apache Camel still uses TLSv1.2. How do I upgrade to 1.3? Do I need to upgrade Java? My Java and OpenSSL versions are:

java -version
openjdk version "1.8.0_382"
OpenJDK Runtime Environment Corretto-8.382.05.1 (build 1.8.0_382-b05)
OpenJDK 64-Bit Server VM Corretto-8.382.05.1 (build 25.382-b05, mixed mode)

[root@myHostname tls1.3_python_java]# openssl version

OpenSSL 1.1.1v  1 Aug 2023 (Library: OpenSSL 1.1.1o  3 May 2022)

I want the TLS 1.3 communication cipher protocol instead of TLS 1.2.

java spring ssl apache-camel
1 Answer
0 votes

Maybe I'm confused. You are asking for TLS_AES_256_GCM_SHA384, which is TLS V1.3, but you set the TLS version to 1.2. Your server appears to have TLS V1.3.

In any case, my preferred way to restrict TLS versions is to edit Java's java.security file and disable them:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves

Add TLSV1.2 (if it isn't already there) to the list and see what happens.
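As an added example (not part of the answer above and not Camel's own code), the program below applies the `jdk.tls.disabledAlgorithms` restriction from code instead of editing java.security, then pins a single connection to TLSv1.3 using plain JSSE. The class name and the two optional arguments (keystore path and password) are assumptions; when they are given, it lists the key entries, which is the material the `No X.509 cert selected` lines in the log refer to.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class Tls13OnlyCheck {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // JVM-wide restriction, equivalent to editing java.security. Set it before
        // the first TLS use: JSSE reads the property when its classes initialise.
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (disabled == null) disabled = "";
        if (!disabled.contains("TLSv1.2")) {
            String updated = disabled.isEmpty() ? "TLSv1.2" : disabled + ", TLSv1.2";
            Security.setProperty("jdk.tls.disabledAlgorithms", updated);
        }
        SSLContext ctx;
        try {
            ctx = SSLContext.getInstance("TLSv1.3");
        } catch (NoSuchAlgorithmException e) {
            System.err.println("This JVM has no TLSv1.3 support: " + e.getMessage());
            return;
        }
        // Optional key material: args[0] = keystore path, args[1] = password (assumed inputs).
        KeyManagerFactory kmf = null;
        if (args.length == 2) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            for (String alias : Collections.list(ks.aliases())) {
                Certificate cert = ks.getCertificate(alias);
                if (ks.isKeyEntry(alias) && cert != null) {
                    String alg = cert.getPublicKey().getAlgorithm();
                    System.out.println("key entry: " + alias + " (" + alg + ")");
                }
            }
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, args[1].toCharArray());
        }
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), null, null);

        SSLEngine engine = ctx.createSSLEngine();
        System.out.println("enabled by default: "
                + Arrays.toString(engine.getEnabledProtocols()));

        // Per-connection restriction: enable TLSv1.3 and nothing else.
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3"});
        engine.setSSLParameters(params);
        System.out.println("enabled after restriction: "
                + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Run it with the same JVM that runs the server or Camel, since both java.security and TLS 1.3 support are per-JVM.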
