javax.net.ssl.SSLHandshakeException:没有可协商的密码套件(严重错误:80:包装应用程序数据时出现问题)

问题描述 投票:1回答:1

我正在依次使用码头(9.4.12.v20180830)HTTPClient来调用REST API。

SSL / TLS握手失败,并带有以下异常跟踪。

我们是IBM Java 1.8版本。

jdk.tls.client.protocols定义为TLSv1.2已请求SSLv3协议,但未启用支持:[TLSv1,TLSv1.1,TLSv1.2]SERVER_DEFAULT:[TLSv1,TLSv1.1,TLSv1.2]CLIENT_DEFAULT:[TLSv1.2]IBMJSSE2将启用CBC保护使用SSLEngineImpl。IBMJSSE2将允许将com.ibm.jsse2.renegotiate设置为none或default的RFC 5746重新协商根据com.ibm.jsse2.renegotiation.indicator设置为OPTIONAL或默认采用的方式,IBMJSSE2在初次握手期间将不需要重新协商指示符根据com.ibm.jsse2.renegotiation.peer.cert.check设置为OFF或缺省值,在重新协商期间,IBMJSSE2不会对同等证书检查执行身份检查IBMJSSE2将允许每个jdk.tls.rejectClientInitiatedRenegotiation设置为FALSE或缺省值的客户机启动的重新协商根据设置为FALSE或缺省值的jdk.tls.allowUnsafeServerCertChange的重新协商,IBMJSSE2不允许更改不安全的服务器证书。

Is initial handshake: true
%% No cached client session
HttpClient@21ffc2b4-32, fatal error: 80: problem wrapping app data
javax.net.ssl.SSLHandshakeException: No negotiable cipher suite
HttpClient@21ffc2b4-32, SEND TLSv1.2 ALERT:  fatal, description = internal_error
HttpClient@21ffc2b4-32, WRITE: TLSv1.2 Alert, length = 2
HttpClient@21ffc2b4-32, called closeOutbound()
HttpClient@21ffc2b4-32, closeOutboundInternal()
[Raw write]: length = 7
0000: 15 03 03 00 02 02 50                               ......P

java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: No negotiable cipher suite
        at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118)
        at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:110)
        at

jdk.tls.client.protocols is defined as TLSv1.2
    SSLv3 protocol was requested but was not enabled
    SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
    SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
    CLIENT_DEFAULT: [TLSv1.2]
    IBMJSSE2 will enable CBC protection
    Using SSLEngineImpl.
    IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
    IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
    IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
    IBMJSSE2 will allow client initiated renegotiation per jdk.tls.rejectClientInitiatedRenegotiation set to FALSE or default
    IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default

    Is initial handshake: true
    %% No cached client session
    HttpClient@21ffc2b4-32, fatal error: 80: problem wrapping app data
    javax.net.ssl.SSLHandshakeException: No negotiable cipher suite
    HttpClient@21ffc2b4-32, SEND TLSv1.2 ALERT:  fatal, description = internal_error
    HttpClient@21ffc2b4-32, WRITE: TLSv1.2 Alert, length = 2
    HttpClient@21ffc2b4-32, called closeOutbound()
    HttpClient@21ffc2b4-32, closeOutboundInternal()
    [Raw write]: length = 7
    0000: 15 03 03 00 02 02 50                               ......P

    java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: No negotiable cipher suite
            at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118)
            at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:110)
            at

下面是使用的示例代码,
public void initialise() {
        /*
         * This is to suppress Jetty logging framework, otherwise it will log
         * errors & traces into stderr. Create and set a dummy Jetty Framework
         * as the Jetty logger class.
         */
        System.setProperty("org.eclipse.jetty.util.log.class",
                "com.ibm.tivoli.netcool.integrations.transportmodule.JettyLoggerSink");

        if (sslEnabled) {
            try {
                logger.log(Level.FINEST, "Initializing secure connection");
                if (keyStoreFilename == null || keyStorePassword == null) {
                    throw new Exception(
                            "Key store filename or password not set.");
                }
                SslContextFactory sslContext = new SslContextFactory(false);
                sslContext.setKeyStorePath(keyStoreFilename);
                sslContext.setKeyStorePassword(keyStorePassword);               
                sslContext.setProtocol("TLSv1.2");                
                sslContext.start();
                client = new HttpClient(sslContext);
            } catch (Exception e) {
                initialise_successful = false;
            }
        } else {
            /*
             * Non-SSL client initialization
             */
            client = new HttpClient();
        }
        try {
            client.start();

        } catch (Exception e) {
            initialise_successful = false;
        }
        initialise_successful = true;
        logger.log(Level.FINEST,
                "HTTP client has been successfully initialized");
    }

将提供任何帮助。

我正在依次使用码头(9.4.12.v20180830)HTTPClient来调用REST API。 SSL / TLS握手失败,并带有以下异常跟踪。我们是IBM java 1.8版本。 jdk.tls.client ....

ssl jetty httpclient handshake
1个回答
0
投票

此问题完全是IBM维护的非标准JVM的结果(它不符合Java JVM标准,也不符合SSL / TLS标准。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.