Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

安全java ssl错误无法支持TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

2 周 Questions & Answers

我有一个基于java的应用程序,它是由一些客户提供的。 当我试着运行那个应用程序时,当我联系客户机,他们只是要求用8更新JCE时,我得到了下面的错误

我做了以下步骤

  1. 从Oracle JCE下载site下载软件
  2. 解压包并复制文件本地_策略。jar和美国的出口政策。jar进入JRE安全库

JRE-C:\Program Files\Java\jre1。8.0_144\lib\security

JDK-C:\Program Files\Java\jdk1。8.0_92\jre\lib\security

但仍然得到下面的错误

23:12:53.652错误[nioEventLoopGroup-4-5]c.s.w.s.s.h.CloudWebSocketFrameHandler-无法支持TLS_ECDHE_RSA_和_AES_256_GCM_SHA384以及当前安装的提供程序 JAVAlang.IllegalArgumentException:无法支持TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 WITH当前安装的提供程序 在阳光下。安全ssl。密码专家。(CipherSuiteList.java:92) 在阳光下。安全ssl。SSLEngineImpl。SetEnablediPhone套件(SSLEngineImpl.java:2038) 在com上。三星。wwst。sdk。模拟器。服务CloudClientManager。init(SamsungCloudClientManager.java:205) 在com上。三星。wwst。sdk。模拟器。汉德勒。CloudWebSocketFrameHandler。channelRead(SamsungCloudWebSocketFrameHandler.java:72)


共 (1) 个答案

  1. # 1 楼答案

    注意:这不是一个答案,而是对研究这个问题的帮助

    尝试使用以下代码列出Java安装中的所有密码套件

    SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

TreeMap<String, Boolean> ciphers = new TreeMap<>();
for (String cipher : ssf.getSupportedCipherSuites())
    ciphers.put(cipher, Boolean.FALSE);
for (String cipher : ssf.getDefaultCipherSuites())
    ciphers.put(cipher, Boolean.TRUE);

System.out.println("Default Cipher");
for (Entry<String, Boolean> cipher : ciphers.entrySet())
    System.out.printf("   %-5s%s%n", (cipher.getValue() ? '*' : ' '), cipher.getKey());

    当我在jdk1上运行时。8.0_151(Windows,64位),我得到以下输出:

    Default Cipher
        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_DSS_WITH_DES_CBC_SHA
        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_RSA_WITH_DES_CBC_SHA
        SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
        SSL_DH_anon_WITH_DES_CBC_SHA
        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_RSA_WITH_DES_CBC_SHA
        SSL_RSA_WITH_NULL_MD5
        SSL_RSA_WITH_NULL_SHA
   *    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   *    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   *    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
   *    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
   *    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DH_anon_WITH_AES_128_CBC_SHA
        TLS_DH_anon_WITH_AES_128_CBC_SHA256
        TLS_DH_anon_WITH_AES_128_GCM_SHA256
   *    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_NULL_SHA
   *    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_NULL_SHA
   *    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDH_ECDSA_WITH_NULL_SHA
   *    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDH_RSA_WITH_NULL_SHA
        TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_ECDH_anon_WITH_AES_128_CBC_SHA
        TLS_ECDH_anon_WITH_NULL_SHA
   *    TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
        TLS_KRB5_WITH_3DES_EDE_CBC_MD5
        TLS_KRB5_WITH_3DES_EDE_CBC_SHA
        TLS_KRB5_WITH_DES_CBC_MD5
        TLS_KRB5_WITH_DES_CBC_SHA
   *    TLS_RSA_WITH_AES_128_CBC_SHA
   *    TLS_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_NULL_SHA256

    然后添加链接到的策略文件时,将更改输出到:

    Default Cipher
        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_DSS_WITH_DES_CBC_SHA
        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_RSA_WITH_DES_CBC_SHA
        SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
        SSL_DH_anon_WITH_DES_CBC_SHA
        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
   *    SSL_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_RSA_WITH_DES_CBC_SHA
        SSL_RSA_WITH_NULL_MD5
        SSL_RSA_WITH_NULL_SHA
   *    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   *    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   *    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
   *    TLS_DHE_DSS_WITH_AES_256_CBC_SHA
   *    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
   *    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
   *    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
   *    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
   *    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
   *    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
   *    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_DH_anon_WITH_AES_128_CBC_SHA
        TLS_DH_anon_WITH_AES_128_CBC_SHA256
        TLS_DH_anon_WITH_AES_128_GCM_SHA256
        TLS_DH_anon_WITH_AES_256_CBC_SHA
        TLS_DH_anon_WITH_AES_256_CBC_SHA256
        TLS_DH_anon_WITH_AES_256_GCM_SHA384
   *    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   *    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
   *    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
   *    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_ECDSA_WITH_NULL_SHA
   *    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   *    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
   *    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
   *    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_NULL_SHA
   *    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
   *    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
   *    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
   *    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDH_ECDSA_WITH_NULL_SHA
   *    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
   *    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
   *    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
   *    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
   *    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
   *    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDH_RSA_WITH_NULL_SHA
        TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_ECDH_anon_WITH_AES_128_CBC_SHA
        TLS_ECDH_anon_WITH_AES_256_CBC_SHA
        TLS_ECDH_anon_WITH_NULL_SHA
   *    TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
        TLS_KRB5_WITH_3DES_EDE_CBC_MD5
        TLS_KRB5_WITH_3DES_EDE_CBC_SHA
        TLS_KRB5_WITH_DES_CBC_MD5
        TLS_KRB5_WITH_DES_CBC_SHA
   *    TLS_RSA_WITH_AES_128_CBC_SHA
   *    TLS_RSA_WITH_AES_128_CBC_SHA256
   *    TLS_RSA_WITH_AES_128_GCM_SHA256
   *    TLS_RSA_WITH_AES_256_CBC_SHA
   *    TLS_RSA_WITH_AES_256_CBC_SHA256
   *    TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_NULL_SHA256

    如您所见,添加策略文件可以启用AES 256密码套件