我正在依次使用码头(9.4.12.v20180830)HTTPClient来调用REST API。
SSL / TLS握手失败,并带有以下异常跟踪。
我们是IBM Java 1.8版本。
jdk.tls.client.protocols定义为TLSv1.2已请求SSLv3协议,但未启用支持:[TLSv1,TLSv1.1,TLSv1.2]SERVER_DEFAULT:[TLSv1,TLSv1.1,TLSv1.2]CLIENT_DEFAULT:[TLSv1.2]IBMJSSE2将启用CBC保护使用SSLEngineImpl。IBMJSSE2将允许将com.ibm.jsse2.renegotiate设置为none或default的RFC 5746重新协商根据com.ibm.jsse2.renegotiation.indicator设置为OPTIONAL或默认采用的方式,IBMJSSE2在初次握手期间将不需要重新协商指示符根据com.ibm.jsse2.renegotiation.peer.cert.check设置为OFF或缺省值,在重新协商期间,IBMJSSE2不会对同等证书检查执行身份检查IBMJSSE2将允许每个jdk.tls.rejectClientInitiatedRenegotiation设置为FALSE或缺省值的客户机启动的重新协商根据设置为FALSE或缺省值的jdk.tls.allowUnsafeServerCertChange的重新协商,IBMJSSE2不允许更改不安全的服务器证书。
Is initial handshake: true %% No cached client session HttpClient@21ffc2b4-32, fatal error: 80: problem wrapping app data javax.net.ssl.SSLHandshakeException: No negotiable cipher suite HttpClient@21ffc2b4-32, SEND TLSv1.2 ALERT: fatal, description = internal_error HttpClient@21ffc2b4-32, WRITE: TLSv1.2 Alert, length = 2 HttpClient@21ffc2b4-32, called closeOutbound() HttpClient@21ffc2b4-32, closeOutboundInternal() [Raw write]: length = 7 0000: 15 03 03 00 02 02 50 ......P java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: No negotiable cipher suite at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118) at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:110) at jdk.tls.client.protocols is defined as TLSv1.2 SSLv3 protocol was requested but was not enabled SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2] SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2] CLIENT_DEFAULT: [TLSv1.2] IBMJSSE2 will enable CBC protection Using SSLEngineImpl. IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default IBMJSSE2 will allow client initiated renegotiation per jdk.tls.rejectClientInitiatedRenegotiation set to FALSE or default IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default Is initial handshake: true %% No cached client session HttpClient@21ffc2b4-32, fatal error: 80: problem wrapping app data javax.net.ssl.SSLHandshakeException: No negotiable cipher suite HttpClient@21ffc2b4-32, SEND TLSv1.2 ALERT: fatal, description = internal_error HttpClient@21ffc2b4-32, WRITE: TLSv1.2 Alert, length = 2 HttpClient@21ffc2b4-32, called closeOutbound() HttpClient@21ffc2b4-32, closeOutboundInternal() [Raw write]: length = 7 0000: 15 03 03 00 02 02 50 ......P java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: No negotiable cipher suite at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118) at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:110) at
下面是使用的示例代码,
public void initialise() { /* * This is to suppress Jetty logging framework, otherwise it will log * errors & traces into stderr. Create and set a dummy Jetty Framework * as the Jetty logger class. */ System.setProperty("org.eclipse.jetty.util.log.class", "com.ibm.tivoli.netcool.integrations.transportmodule.JettyLoggerSink"); if (sslEnabled) { try { logger.log(Level.FINEST, "Initializing secure connection"); if (keyStoreFilename == null || keyStorePassword == null) { throw new Exception( "Key store filename or password not set."); } SslContextFactory sslContext = new SslContextFactory(false); sslContext.setKeyStorePath(keyStoreFilename); sslContext.setKeyStorePassword(keyStorePassword); sslContext.setProtocol("TLSv1.2"); sslContext.start(); client = new HttpClient(sslContext); } catch (Exception e) { initialise_successful = false; } } else { /* * Non-SSL client initialization */ client = new HttpClient(); } try { client.start(); } catch (Exception e) { initialise_successful = false; } initialise_successful = true; logger.log(Level.FINEST, "HTTP client has been successfully initialized"); }
将提供任何帮助。
我正在依次使用码头(9.4.12.v20180830)HTTPClient来调用REST API。 SSL / TLS握手失败,并带有以下异常跟踪。我们是IBM java 1.8版本。 jdk.tls.client ....
此问题完全是IBM维护的非标准JVM的结果(它不符合Java JVM标准,也不符合SSL / TLS标准。