在netty 4.1.48中,将jdk.tls.client.protocols系统属性设置为TLSv1.2无法工作。

问题描述 投票:0回答:1

我们正在使用Redisson客户端,它使用netty连接到Redis服务器。在netty 4.1.42.Final的情况下,一切正常。但是升级到netty 4.1.48.Final后,发送TLSv1 ClientHello,因此无法连接到服务器。尝试通过设置jdk.tls.client.protocols系统属性来指定TLSv1.2,但netty似乎并不尊重它。

开启Java跟踪功能后,在跟踪文件中看到了以下内容。

在netty 4.1.48中,默认协议只有TLSv1:

jdk.tls.client.protocols is defined as TLSv1.2
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1.2]
IBMJSSE2 will enable CBC protection
12:00:41.624 [redisson-netty-2-9] DEBUG io.netty.handler.ssl.JdkSslContext - Default protocols (JDK): [TLSv1]

在netty 4.1.42中,默认协议包括TLSv1.2:

jdk.tls.client.protocols is defined as null
SSLv3 protocol was requested but was not enabled
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
10:18:00.008 [redisson-netty-2-23] DEBUG io.netty.handler.ssl.JdkSslContext - Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1]

netty 4.1.48跟踪,当jdk.tls.client.protocols系统属性未设置时。

jdk.tls.client.protocols is defined as null
SSLv3 protocol was requested but was not enabled
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
IBMJSSE2 will enable CBC protection
09:54:19.626 [redisson-netty-2-25] DEBUG io.netty.handler.ssl.JdkSslContext - Default protocols (JDK): [TLSv1]

java -version output:

java version "1.8.0_191"
Java(TM) SE Runtime Environment (build 8.0.5.27 - pwa6480sr5fp27-20190104_01(SR5 FP27))
IBM J9 VM (build 2.9, JRE 1.8.0 Windows 10 amd64-64-Bit Compressed References 20181219_405297 (JIT enabled, AOT enabled)
OpenJ9   - 3f2d574
OMR      - 109ba5b
IBM      - e2996d1)
JCL - 20190104_01 based on Oracle jdk8u191-b26

有谁遇到过这种情况,或者知道如何解决?

谢谢!我们使用的是Redisson客户端。

netty redisson
1个回答
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.