如何在 Java 中设置 TLS1.2 版本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/34609384/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to set TLS1.2 version in Java
提问by user3436310
Environment details:
环境细节:
java version "1.7.0_40"
Java(TM) SE Runtime Environment (build 1.7.0_40-b43)
Java HotSpot(TM) 64-Bit Server VM (build 24.0-b56, mixed mode).
We are using jboss-4.2.3.GA and thick client using ejb.
我们正在使用 jboss-4.2.3.GA 和使用 ejb 的胖客户端。
And we have tried to set the TLS1.2 version in the following ways:
我们尝试通过以下方式设置 TLS1.2 版本:
Control Panel --> Programs-->Java-->Advanced Tab-->Advanced Security Settings checked the TLS1.1 and TLS1.2 and unchecked the remaining old versions. But still in Wire shark software we are seeing client is talking to server in TLSV1 only.
-Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false -Ddeployment.security.TLSv1.1=true -Ddeployment.security.TLSv1.2=trueGiven in the startup script, but in Wire shark software we are seeing client is talking to server in TLSV1 only.
Reference link : https://superuser.com/questions/747377/enable-tls-1-1-and-1-2-for-clients-on-java-7
jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, TLSv1, TLSv1.1in the
jre/lib/security/java.securityandjdk1.7.0_40/jre/lib/security/java.security. But still in Wire shark software we are seeing client is talking to server in TLSV1 only.Reference link : How to force java server to accept only tls 1.2 and reject tls 1.0 and tls 1.1 connections
控制面板-->程序-->Java-->高级选项卡-->高级安全设置勾选了TLS1.1和TLS1.2,其余的旧版本不勾选。但仍然在 Wireshark 软件中,我们看到客户端仅在 TLSV1 中与服务器通信。
-Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false -Ddeployment.security.TLSv1.1=true -Ddeployment.security.TLSv1.2=true在启动脚本中给出,但在 Wireshark 软件中,我们看到客户端仅在 TLSV1 中与服务器通信。
参考链接:https: //superuser.com/questions/747377/enable-tls-1-1-and-1-2-for-clients-on-java-7
jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, TLSv1, TLSv1.1在
jre/lib/security/java.security和jdk1.7.0_40/jre/lib/security/java.security。但仍然在 Wireshark 软件中,我们看到客户端仅在 TLSV1 中与服务器通信。
Can somebody tell us how enforce TLS1.2 version for both client and server.
有人可以告诉我们如何为客户端和服务器强制执行 TLS1.2 版本。
回答by user6655242
I'm using Tomcat 6 with java 7 because java 6 and earlier versions don't support TLS1.2.
我将 Tomcat 6 与 java 7 一起使用,因为 java 6 及更早版本不支持 TLS1.2。
For configuring my server I did the following:
为了配置我的服务器,我执行了以下操作:
- Modified the file server.xml at tag Connector on its attribute sslEnabledProtocols as follows:
- 在其属性 sslEnabledProtocols 上的标签 Connector 处修改文件 server.xml 如下:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="450" scheme="https" secure="true"
keystoreFile="<your_keystore>" keystorePass="<somepasswd>" clientAuth="false"
keyAlias="tomcat" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
URIEncoding="UTF-8" maxHttpHeaderSize="32768"
ciphers = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" />
- I tested my whole application for avoiding no compatibilities.
- 我测试了我的整个应用程序以避免不兼容。
回答by Xin Zhang
I am working with a Java command application and had a similar issue.
我正在使用 Java 命令应用程序并遇到类似的问题。
From Oracle, java 7 default using TLSv1, java 8 default using TLSv1.2
来自 Oracle,java 7 默认使用 TLSv1,java 8 默认使用 TLSv1.2
After I try to the application using JRE8, the application starts to use TLSv1.2 automatically. Here is my java info:
在我尝试使用 JRE8 的应用程序后,应用程序开始自动使用 TLSv1.2。这是我的java信息:
java version "1.8.0_92"
Java(TM) SE Runtime Environment (build 1.8.0_92-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.92-b14, mixed mode)
I continued to search how I can configure what runtime TLS version with Java8, I tried your 1st,2nd way (also including -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2) and nothing really changed.
我继续搜索如何使用 Java8 配置运行时 TLS 版本,我尝试了您的第 1、2 种方式(也包括-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2),但没有任何真正改变。
I am able to see runtime changes when using your 3rd way for java8: jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, TLSv1, TLSv1.1. I am not able to make it work using java7. Not sure if this is the same issue you have. Did you modify the correct JRE configuration your application is running on? Or if you could upgrade to java 8 and try again?
我能够使用java8你的第三个方式,当看到运行时更改:jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, TLSv1, TLSv1.1。我无法使用 java7 使其工作。不确定这是否与您遇到的问题相同。您是否修改了运行应用程序的正确 JRE 配置?或者您是否可以升级到 java 8 并重试?
Oracle needs to provide better documentation, good luck!
Oracle 需要提供更好的文档,祝你好运!
