我们正在使用Redisson客户端,它使用netty连接到Redis服务器。在netty 4.1.42.Final的情况下,一切正常。但是升级到netty 4.1.48.Final后,发送TLSv1 ClientHello,因此无法连接到服务器。尝试通过设置jdk.tls.client.protocols系统属性来指定TLSv1.2,但netty似乎并不尊重它。
开启Java跟踪功能后,在跟踪文件中看到了以下内容。
在netty 4.1.48中,默认协议只有TLSv1:
jdk.tls.client.protocols is defined as TLSv1.2
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1.2]
IBMJSSE2 will enable CBC protection
12:00:41.624 [redisson-netty-2-9] DEBUG io.netty.handler.ssl.JdkSslContext - Default protocols (JDK): [TLSv1]
在netty 4.1.42中,默认协议包括TLSv1.2:
jdk.tls.client.protocols is defined as null
SSLv3 protocol was requested but was not enabled
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
10:18:00.008 [redisson-netty-2-23] DEBUG io.netty.handler.ssl.JdkSslContext - Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1]
netty 4.1.48跟踪,当jdk.tls.client.protocols系统属性未设置时。
jdk.tls.client.protocols is defined as null
SSLv3 protocol was requested but was not enabled
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
IBMJSSE2 will enable CBC protection
09:54:19.626 [redisson-netty-2-25] DEBUG io.netty.handler.ssl.JdkSslContext - Default protocols (JDK): [TLSv1]
java -version output:
java version "1.8.0_191"
Java(TM) SE Runtime Environment (build 8.0.5.27 - pwa6480sr5fp27-20190104_01(SR5 FP27))
IBM J9 VM (build 2.9, JRE 1.8.0 Windows 10 amd64-64-Bit Compressed References 20181219_405297 (JIT enabled, AOT enabled)
OpenJ9 - 3f2d574
OMR - 109ba5b
IBM - e2996d1)
JCL - 20190104_01 based on Oracle jdk8u191-b26
有谁遇到过这种情况,或者知道如何解决?
谢谢!我们使用的是Redisson客户端。