如何在 Java 中启用 SSL 3
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28236091/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to enable SSL 3 in Java
提问by Evandro Pomatti
Since Java 8 Update 31 the SSL 3 protocol is disabled by default due to security flaws in the SSL Protocol (see POODLE attack).
从 Java 8 Update 31 开始,由于 SSL 协议中的安全缺陷(请参阅POODLE 攻击),默认情况下禁用 SSL 3 协议。
Even if not recommended, how can it be enabled?
即使不推荐,如何启用?
采纳答案by Evandro Pomatti
Unless you have no choice other than using SSL 3, the link below explains the configuration.
除非您别无选择,只能使用 SSL 3,否则下面的链接解释了配置。
The release notes for the update 31provide information for enabling the SSL 3 again in Java.
更新 31的发行说明提供了在 Java 中再次启用 SSL 3 的信息。
As stated:
就像声明的那样:
If SSLv3 is absolutely required, the protocol can be reactivated by removing "SSLv3" from the jdk.tls.disabledAlgorithms property in the java.security file or by dynamically setting this Security property to "true" before JSSE is initialized.
如果绝对需要SSLv3 ,则可以通过从 java.security 文件中的 jdk.tls.disabledAlgorithms 属性中删除“SSLv3”或通过在 JSSE 初始化之前将此 Security 属性动态设置为“true”来重新激活协议。
Keep in mind that even the TLS protocol can be exploited to allow an insecure access with SSL 3, thats also part of the POODLE flaw. Enabling this for Java or any other technology should be a last resort only for critical reasons.
请记住,即使是 TLS 协议也可以被利用来允许使用 SSL 3 进行不安全的访问,这也是 POODLE 缺陷的一部分。仅出于关键原因,才应为 Java 或任何其他技术启用此功能。
回答by Aydin K.
If you must re-enable SSLv3.0 on either 8u31, 7u75, 6u91 all you have to do is comment out the following line in JRE_HOME/lib/security/java.security:
如果您必须在 8u31、7u75、6u91 上重新启用 SSLv3.0,您所要做的就是在JRE_HOME/lib/security/java.security 中注释掉以下行:
jdk.tls.disabledAlgorithms=SSLv3
Code:
代码:
import javax.net.ssl.*;
public class SocketProtocols {
public static void main(String[] args) throws Exception {
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket soc = (SSLSocket) factory.createSocket();
// Returns the names of the protocol versions which are
// currently enabled for use on this connection.
String[] protocols = soc.getEnabledProtocols();
System.out.println("Enabled protocols:");
for (String s : protocols) {
System.out.println(s);
}
}
}
Output:
输出:
Before enabling SSL 3.0
启用 SSL 3.0 之前
$ /jdk1.8.0_31/bin/java SocketProtocols
Enabled protocols:
TLSv1
TLSv1.1
TLSv1.2
After enabling SSL 3.0
启用 SSL 3.0 后
$ /jdk1.8.0_31/bin/java SocketProtocols
Enabled protocols:
SSLv3
TLSv1
TLSv1.1
TLSv1.2
credits/source: http://javablogx.blogspot.de/2015/02/enabling-ssl-v30-in-java-8.html
学分/来源:http: //javablogx.blogspot.de/2015/02/enabling-ssl-v30-in-java-8.html
回答by Chris Horting
I found both of these edits were required in order to connect to a DRAC 5 card:
我发现需要进行这两项编辑才能连接到 DRAC 5 卡:
Remove MD5:
删除 MD5:
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
Remove SSLv3, RC4, and MD5withRSA:
删除 SSLv3、RC4 和 MD5withRSA:
jdk.tls.disabledAlgorithms=DH keySize < 768
回答by mR_fr0g
You can set the jdk.tls.disabledAlgorithmssecurity property at runtime like so.
您可以jdk.tls.disabledAlgorithms像这样在运行时设置安全属性。
static {
Security.setProperty("jdk.tls.disabledAlgorithms", "");
}
