Java 修改 Weblogic Server 以使用 TLS
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/32016744/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Modifiying Weblogic Server to use TLS
提问by Jay37
I have a VM running a Weblogic Server (running version 10.3.6) with 2 nodes. I also have a Tomcat server running on my host machine which runs an SSL web service, that the Weblogic Server has to connect to. I added the two startup parameters to the "Arguments" text area under startup:
我有一个运行带有 2 个节点的 Weblogic 服务器(运行版本 10.3.6)的虚拟机。我还有一个 Tomcat 服务器在我的主机上运行,它运行一个 SSL Web 服务,Weblogic 服务器必须连接到它。我在启动下的“Arguments”文本区添加了两个启动参数:
-Dweblogic.security.SSL.protocolVersion=TLSv1.1
-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.1
-Dweblogic.security.SSL.protocolVersion=TLSv1.1
-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.1
I added these since the nodes were trying to connect using SSLv2 before, and causing a handshake error with Tomcat.
我添加了这些,因为节点之前尝试使用 SSLv2 进行连接,并导致与 Tomcat 的握手错误。
After adding these parameters, I still see the nodes trying to connect to Tomcat using SSLv2. I'm trying to get it to use TLS. What else can I do to get it to use TLS?
添加这些参数后,我仍然看到尝试使用 SSLv2 连接到 Tomcat 的节点。我正在尝试让它使用 TLS。我还能做些什么来让它使用 TLS?
回答by Brian Ochs
The protocolVersion value should be TLS1 instead of TLSv1.1.
protocolVersion 值应该是 TLS1 而不是 TLSv1.1。
https://docs.oracle.com/middleware/1213/wls/SECMG/ssl_version.htm#SECMG636
https://docs.oracle.com/middleware/1213/wls/SECMG/ssl_version.htm#SECMG636
回答by Bruno
You're probably not using SSLv2, but an SSLv3 or TLS1.x ClientHellowrapped into an SSLv2 ClientHello. See "Why does Java's SSLSocket send a version 2 client hello?"or "How to initiate ssl connection using SSLv2".
您可能没有使用 SSLv2,而是将 SSLv3 或 TLS1.xClientHello包装到 SSLv2 中ClientHello。请参阅“为什么 Java 的 SSLSocket 发送版本 2 客户端问候?” 或“如何使用 SSLv2 启动 ssl 连接”。
Note that the latest JSSE Reference Guide (JDK 8)says:
请注意,最新的 JSSE 参考指南 (JDK 8)说:
Note: As part of disabling SSLv3, some servers have also disabled SSLv2Hello, which means communications with SSLv2Hello-active clients (e.g. JDK 1.5/6) will fail. Starting with JDK 7, SSLv2Hello default to disabled on clients, enabled on servers.
注意:作为禁用 SSLv3 的一部分,一些服务器也禁用了 SSLv2Hello,这意味着与 SSLv2Hello 活动客户端(例如 JDK 1.5/6)的通信将失败。从 JDK 7 开始,SSLv2Hello 默认在客户端禁用,在服务器启用。
The Java 7 release notesalso say:
在Java 7的发行说明也说:
SSLv2Hello disabled by default on the client: In Java SE 7, SSLv2Hello is removed from the default enabled protocol list on the client.
客户端默认禁用 SSLv2Hello:在 Java SE 7 中,SSLv2Hello 从客户端默认启用的协议列表中删除。
It's possible that you're using an older JRE or that for whatever reason, SSLv2Hello was explicitly enabled on your clients.
可能您使用的是较旧的 JRE,或者出于某种原因,在您的客户端上显式启用了 SSLv2Hello。
回答by DivyaTV
Setting -Dweblogic.security.SSL.minimumProtocolVersion=TLSv0 as java option, will set the minimum protocol to SSLV3 and will eliminate the use of SSLV2. This worked for me.
将 -Dweblogic.security.SSL.minimumProtocolVersion=TLSv0 设置为 java 选项,会将最小协议设置为 SSLV3,并将消除 SSLV2 的使用。这对我有用。
TLSv0 is invalid, and WebLogic 12.1.3 will set SSLV3 as minimum.
TLSv0 无效,WebLogic 12.1.3 会将 SSLV3 设置为最小值。
回答by Evandro Pomatti
What is the Java version that you're using with WebLogic?
您在 WebLogic 中使用的 Java 版本是什么?
TLS 1.1 is available at Java 1.6 Update 111. That might be why it is not working. That using TLSv1as value
TLS 1.1 在Java 1.6 Update 111 中可用。这可能是它不起作用的原因。使用TLSv1作为值
