更新 OpenJDK 的次要版本后,我在任何使用 HTTPS 协议的 API 调用中都会遇到错误
相同的代码在旧版本上运行良好。
旧版本(工作正常):
java version "11.0.2" 2019-01-15 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.2+9-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.2+9-LTS, mixed mode)
新版本(不起作用):
openjdk version "11.0.10" 2021-01-19
OpenJDK Runtime Environment (build 11.0.10+9-Ubuntu-0ubuntu1.18.04)
OpenJDK 64-Bit Server VM (build 11.0.10+9-Ubuntu-0ubuntu1.18.04, mixed mode, sharing)
错误:
javax.net.ssl.SSLException: class org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey cannot be cast to class java.security.interfaces.XECPublicKey (org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey is in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @2e0fa5d3; java.security.interfaces.XECPublicKey is in module java.base of loader 'bootstrap')
Caused by: java.lang.ClassCastException: class org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey cannot be cast to class java.security.interfaces.XECPublicKey (org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey is in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @2e0fa5d3; java.security.interfaces.XECPublicKey is in module java.base of loader 'bootstrap')
at java.base/sun.security.ssl.XDHKeyExchange$XDHEPossession.<init>(XDHKeyExchange.java:108)
at java.base/sun.security.ssl.NamedGroup$XDHFunctions.createPossession(NamedGroup.java:754)
at java.base/sun.security.ssl.NamedGroup.createPossession(NamedGroup.java:394)
at java.base/sun.security.ssl.SSLKeyExchange$T13KeyAgreement.createPossession(SSLKeyExchange.java:568)
at java.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:84)
at java.base/sun.security.ssl.KeyShareExtension$CHKeyShareProducer.produce(KeyShareExtension.java:257)
at java.base/sun.security.ssl.SSLExtension.produce(SSLExtension.java:563)
at java.base/sun.security.ssl.SSLExtensions.produce(SSLExtensions.java:253)
at java.base/sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:650)
at java.base/sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:525)
at java.base/sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:107)
at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:232)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:433)
... 11 common frames omitted
我正在使用
URLConnectionURL connection.connect()有什么解决方案或解决方法吗? 如何降级小版本?
对于这种类型的 bouncycastle 类,未找到异常。 需要将充气城堡依赖项添加到您的
pom.xmlbuild.gradle为 Maven 和 gradle 添加以下依赖项。
对于 Gradle::
implementation group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.68'对于 Maven ::
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.68</version>
</dependency>
为了谷歌的完整性,答案是当 JDK 添加对 X25519 和 X448 ECDH 协议的支持时,底层 API 发生了变化。 Bouncycastle 必须使用多版本类来解决这个问题。所以你更新了你的依赖关系。
如果这不是您的软件,解决方法(如此问题)通常是删除对这些协议的支持,如下所示:
java -Djdk.tls.namedGroups="secp256r1, secp384r1, ffdhe2048, ffdhe3072" ...
或
export JAVA_TOOL_OPTIONS="-Djdk.tls.namedGroups=\"secp256r1, secp384r1, ffdhe2048, ffdhe3072\""
我快要疯了。它确实有效。非常感谢。
<version>1.68</version>