java 在服务器端启用“-Djavax.net.debug=ssl:handshake”时出现“忽略不支持的密码套件”消息
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28380420/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
"Ignoring unsupported cipher suite" message when "-Djavax.net.debug=ssl:handshake" is enabled on server side
提问by Ernestas Gruodis
I have implemented SSLServerSocketand when I start .jarfile with option -Djavax.net.debug=ssl:handshaketo debug secure handshakes, I get also these messages (before establishing some secure connection):
我已经实现SSLServerSocket,当我启动.jar带有-Djavax.net.debug=ssl:handshake调试安全握手选项的文件时,我也会收到这些消息(在建立一些安全连接之前):
...
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
...
What does it mean? Maybe I missing 256 bit security in Java (to replace a few files in Java directory)?
这是什么意思?也许我缺少 Java 中的 256 位安全性(替换 Java 目录中的一些文件)?
After creating SSLServerSocketI have enabled secure protocols like:
创建后,SSLServerSocket我启用了安全协议,例如:
socket.setEnabledProtocols(new String[]{"TLSv1","TLSv1.1","TLSv1.2","SSLv2Hello"});
Maybe I should enable these above cipher suites also?
也许我也应该启用上述密码套件?
Besides these cipher suites, everything works fine.
除了这些密码套件,一切正常。
EDIT:
编辑:
Yes, @Boris the Spider was right: after installing Oracle's unlimited strength policy filesthe warnings are no longer visible.
是的,@Boris the Spider 是对的:安装 Oracle 的无限强度策略文件后,警告不再可见。
回答by asm0dey
So the answer is you need Oracle's unlimited strength policy files
所以答案是你需要Oracle 的无限强度策略文件
Thanks Boris the Spider for the answer.
感谢蜘蛛鲍里斯的回答。
