0
我有一個jboss版本6.3.0.GA,使用java版本1.7.0_71 我的遠程服務器更改允許TLS協議從1.1到1.2,現在我必須更新我的客戶端(部署在jboss中)。 的問題是,這種變化之後,我得到:Jboss握手失敗客戶端連接使用TLSv1.1而不是TLSv1.2
faultString: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
在SSL調試,我看到:
5:22:43,921 INFO [stdout] (http-/0.0.0.0:8080-1) *** ClientHello, TLSv1
15:22:43,923 INFO [stdout] (http-/0.0.0.0:8080-1) RandomCookie: GMT: 1467638563 bytes = { 250, 245, 94, 108, 232, 16, 43, 124, 53, 95, 38, 104, 249, 96, 71, 207, 230, 7, 84, 183, 41, 224, 63, 213, 186, 7, 179, 255 }
15:22:43,923 INFO [stdout] (http-/0.0.0.0:8080-1) Session ID: {}
15:22:43,923 INFO [stdout] (http-/0.0.0.0:8080-1) Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
15:22:43,924 INFO [stdout] (http-/0.0.0.0:8080-1) Compression Methods: { 0 }
15:22:43,924 INFO [stdout] (http-/0.0.0.0:8080-1) Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
15:22:43,924 INFO [stdout] (http-/0.0.0.0:8080-1) Extension ec_point_formats, formats: [uncompressed]
15:22:43,925 INFO [stdout] (http-/0.0.0.0:8080-1) Extension server_name, server_name: [host_name: cxg7d.test.centurylink.com]
15:22:43,925 INFO [stdout] (http-/0.0.0.0:8080-1) ***
15:22:43,925 INFO [stdout] (http-/0.0.0.0:8080-1) http-/0.0.0.0:8080-1, WRITE: TLSv1 Handshake, length = 184
15:22:43,958 INFO [stdout] (http-/0.0.0.0:8080-1) http-/0.0.0.0:8080-1, READ: TLSv1.2 Alert, length = 2
15:22:43,959 INFO [stdout] (http-/0.0.0.0:8080-1) http-/0.0.0.0:8080-1, RECV TLSv1 ALERT: fatal, handshake_failure
15:22:43,959 INFO [stdout] (http-/0.0.0.0:8080-1) http-/0.0.0.0:8080-1, called closeSocket()
15:22:43,960 INFO [stdout] (http-/0.0.0.0:8080-1) http-/0.0.0.0:8080-1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
15:22:43,963 ERROR [stderr] (http-/0.0.0.0:8080-1) AxisFault
15:22:43,964 ERROR [stderr] (http-/0.0.0.0:8080-1) faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
15:22:43,964 ERROR [stderr] (http-/0.0.0.0:8080-1) faultSubcode:
15:22:43,964 ERROR [stderr] (http-/0.0.0.0:8080-1) faultString: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
甚至低於變更後已被應用
1 - 更新了「standalone.xml 「with below values
<system-properties>
<property name="https.protocols" value="TLSv1.2"/>
</system-properties>
2 - added below JAVA Options to serv呃開始:
-Djavax.net.debug=all -Ddeployment.security.TLSv1.2=true -Ddeployment.security.TLSv1.2=true -Ddeployment.security.TLSv1=false -Dhttps.protocols=TLSv1.2
3 - 改變圖形的協議在Java控制檯 JDK control panel
但沒有握手仍然存在。 我想錯誤是在「客戶端你好」,仍然使用TLSv1而不是1.2。 你有任何建議強制這個值嗎? S.