Original URL: http://stackoverflow.com/questions/30404579/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
How to set up SSL (TLS) / HTTPS on Spring Boot using AES-256?
Asked by David Castillo
I set up SSL on my Spring Boot server using RSA (How to configure SSL / HTTPS on Spring?) by following their guide:
- Created a new keystore and key using
  keytool -genkey -alias <alias> -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
- Placed these lines in my application.properties file:
  server.port: 8443
  server.ssl.key-store: classpath:keystore.p12
  server.ssl.key-store-password: <keystore password>
  server.ssl.key-password = <key password>
  server.ssl.keyStoreType: PKCS12
  server.ssl.keyAlias: <alias>
Works like a charm. But when I generate an AES 256 key by running keytool -genseckey -keystore keystore.jck -storetype JCEKS -storepass <store pass> -keyalg AES -keysize 256 -alias <alias> -keypass <key pass>, and change the .properties file to the new keystore / key values, every request to the server results in 0 EMPTY RESPONSE. What steps should I follow to configure it successfully?
Accepted answer by David Castillo
Got it. Solved it. Key algorithms have little to do with the cipher you want to use (AES 256, in my case). Got it to work with a regular RSA, PKCS12 key.
Then, set the next properties in application.properties:
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
server.ssl.protocol=TLS
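
An added example, not part of the original answer: a small Java program that checks each name in a server.ssl.ciphers list against the cipher suites the running JVM's default JSSE context knows, and prints the JVM's maximum permitted AES key length. The class name CipherSuiteCheck is hypothetical, and the built-in list uses the standard JSSE names of the suites in the answer.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Added example: CipherSuiteCheck is a hypothetical helper, not Spring Boot code.
public class CipherSuiteCheck {

    // Assumed input: the suites from the answer, written with their JSSE standard names.
    static final String CONFIGURED =
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
      + "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA";

    /** Maps every configured suite name to its status in this JVM, keeping the configured order. */
    static Map<String, String> check(String configured) throws NoSuchAlgorithmException {
        SSLContext ctx = SSLContext.getDefault();
        Set<String> supported = new HashSet<>(
            Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> enabled = new HashSet<>(
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        Map<String, String> result = new LinkedHashMap<>();
        for (String raw : configured.split(",")) {
            String suite = raw.trim();
            if (suite.isEmpty()) {
                continue; // tolerate a trailing comma in the property value
            }
            String status = enabled.contains(suite) ? "enabled by default"
                : supported.contains(suite) ? "supported, but not enabled by default"
                : "UNKNOWN to this JVM (misspelled name or suite not available)";
            result.put(suite, status);
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version     = " + System.getProperty("java.version"));
        // A value below 256 means the JVM's crypto policy rules out AES-256 suites.
        System.out.println("max AES key bits = " + Cipher.getMaxAllowedKeyLength("AES"));
        String configured = args.length > 0 ? args[0] : CONFIGURED;
        check(configured).forEach((suite, status) -> System.out.println(suite + " -> " + status));
    }
}
```

Run it with the same JDK that runs the Spring Boot application, optionally passing your own comma-separated list as the first argument.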
Answer by lekant
I had the same issue. Changing JDK 1.6 to 1.8 worked.
Answer by razor
I had a problem with Spring Boot and embedded Tomcat, because my key didn't have 'tomcat' alias... Creating key with 'tomcat' alias solved problems (embedded Tomcat wasn't picking up other keys?)