Java 不受支持的 SSL 密码套件
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19837511/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
unsupported SSL ciphersuite
提问by sakis kaliakoudas
I am trying to use some custom SSL cipher suites. Specifically my list is
我正在尝试使用一些自定义 SSL 密码套件。具体来说,我的清单是
<util:list id="ciphers" value-type="java.lang.String">
<value>DHE-RSA-AES256-SHA</value>
<value>DHE-DSS-AES256-SHA</value>
<value>DHE-RSA-CAMELLIA256-SHA</value>
<value>DHE-DSS-CAMELLIA256-SHA</value>
<value>AES256-SHA</value>
<value>CAMELLIA256-SHA</value>
<value>SSL_RSA_WITH_RC4_128_MD5</value> <---this is the only one working
<value>PSK-AES256-CBC-SHA</value>
<value>EDH-RSA-DES-CBC3-SHA</value>
<value>EDH-DSS-DES-CBC3-SHA</value>
<value>DES-CBC3-SHA</value>
<value>PSK-3DES-EDE-CBC-SHA</value>
<value>DHE-RSA-AES128-SHA</value>
<value>DHE-DSS-AES128-SHA</value>
<value>DHE-RSA-CAMELLIA128-SHA</value>
<value>DHE-DSS-CAMELLIA128-SHA</value>
<value>AES128-SHA</value>
<value>CAMELLIA128-SHA</value>
<value>PSK-AES128-CBC-SHA</value>
</util:list>
,initialized by Spring and passed to method
, 由 Spring 初始化并传递给方法
tlsClientParameters.setCipherSuites()
Unfortunately my client fails to connect to a stub server that I have created. The exception I am getting is:
不幸的是,我的客户端无法连接到我创建的存根服务器。我得到的例外是:
Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite DHE-RSA-AES256-SHA
at com.sun.net.ssl.internal.ssl.CipherSuite.valueOf(CipherSuite.java:171)
at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(CipherSuiteList.java:62)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:1977)
at org.apache.cxf.transport.https.SSLSocketFactoryWrapper.enableCipherSuites(SSLSocketFactoryWrapper.java:101)
at org.apache.cxf.transport.https.SSLSocketFactoryWrapper.createSocket(SSLSocketFactoryWrapper.java:71)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:372)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:883)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1394)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1336)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1414)
... 41 more
When I tried removing the ciphers suites one by one, the same exception kept appearing with a different cipher every time, until there was only SSL_RSA_WITH_RC4_128_MD5 left. This is the only one that seems to be working.
当我尝试一一删除密码套件时,每次都会出现相同的异常,并使用不同的密码,直到只剩下 SSL_RSA_WITH_RC4_128_MD5 为止。这是唯一一个似乎有效的方法。
I had a look at How to control the SSL ciphers available to Tomcatthat seems an identical issue, but I don't have an whitespaces.
我查看了如何控制 Tomcat 可用的 SSL 密码,这似乎是一个相同的问题,但我没有空格。
Edit: as a sidenote, my system is running on Java 1.5 could it be that these ciphers are just not supported at this java version? If not, is there a way around this ?
编辑:作为旁注,我的系统运行在 Java 1.5 上,难道这个 Java 版本不支持这些密码?如果没有,有没有办法解决这个问题?
Update: We migrated to Java 7 and I am still getting the same issue. I think that it's related to one of the answers below saying that these are not the standard names for the ciphers, and are thus not recognized by java. If that is the case, how can I find the standard names for these ciphers ?
更新:我们迁移到 Java 7,但我仍然遇到同样的问题。我认为这与以下答案之一有关,即这些不是密码的标准名称,因此无法被 java.util.Date 识别。如果是这种情况,我怎样才能找到这些密码的标准名称?
采纳答案by sakis kaliakoudas
For future reference, the list of ciphers I was using was from openssland they were generated by
为了将来参考,我使用的密码列表来自openssl,它们是由
openssl ciphers -v 'ALL:!ADH:!EXPORT:!SSLv2:+HIGH:-MEDIUM:-LOW:-KRB5'.
I never found how to translate the openssl list of ciphers to the java 7 supported ones (or confirm whether they are the same ciphers, just under different names). I just changed my ciphers list to be the list provided here by Java
我从未找到如何将 openssl 密码列表转换为 java 7 支持的密码(或确认它们是否是相同的密码,只是名称不同)。我刚刚将我的密码列表更改为 Java 在此处提供的列表
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
and everything worked okay.
一切正常。
回答by user207421
Could it be that these ciphers are just not supported at this java version?
难道这个java版本不支持这些密码?
Certainly. The available cipher suites are documented. See the Standard Names document.
当然。记录了可用的密码套件。请参阅标准名称文档。
If not, is there a way around this?
如果没有,有没有办法解决这个问题?
Not unless you can find another implementation that supports them.
除非你能找到另一个支持它们的实现。
回答by Koekiebox
Check out:
查看:
Also,
还,
By default the local_policy.jarand US_export_policy.jarunder jre_home/lib/security/might not "enable" the cipher suites you want.
默认情况下,/lib/security/下的local_policy.jar和US_export_policy.jar可能不会“启用”您想要的密码套件。jre_home
To enable them, replace those two files with the ones found here Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download.
要启用它们,请将这两个文件替换为在Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download 中找到的文件。
You should not be able to use the cipher suites supported under Sun Providers.
您应该无法使用 Sun Providers 支持的密码套件。
Make sure that the cipher suite descriptions match the ones under the Sun Providers.
确保密码套件描述与 Sun Providers 下的描述相匹配。
回答by Sascha Wedler
// Get the SSLServerSocket
SSLServerSocketFactory ssl;
SSLServerSocket sslServerSocket;
ssl = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
sslServerSocket = (SSLServerSocket) ssl.createServerSocket();
// Get the list of all supported cipher suites.
String[] cipherSuites = sslServerSocket.getSupportedCipherSuites();
for (String suite : cipherSuites)
System.out.println(suite);
// Get the list of all supported protocols.
String[] protocols = sslServerSocket.getSupportedProtocols();
for (String protocol : protocols)
System.out.println(protocol);
