2016-02-03 14 views
0

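Unable to load a web service with a certificate due to "No appropriate protocol"

I'm trying to load a web service with an SSL certificate. It says the server started, but when I try to use this web service (through SOAPUI) I get an "SSLHandshakeException", and in the Eclipse log I see this: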

    No available cipher suite for SSLv2Hello
    No available cipher suite for SSLv3
    No available cipher suite for TLSv1
    No available cipher suite for TLSv1.1
    No available cipher suite for TLSv1.2
    qtp1589240253-57, fatal error: 80: problem unwrapping net record
    javax.net.ssl.SSLHandshakeException: No appropriate protocol
    qtp1589240253-57, SEND TLSv1 ALERT: fatal, description = internal_error
    qtp1589240253-57, WRITE: TLSv1 Alert, length = 2
    qtp1589240253-57, called closeOutbound()
    qtp1589240253-57, closeOutboundInternal()

I tried looking at jdk.tls.disabledAlgorithms= in the java.security file, but it is already commented out.

This is my code:

    String address = "https://localhost:8052/test";
    JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
    sf.setServiceClass(new testImpl().getClass());
    sf.setAddress(address);
    sf.getServiceFactory().setInvoker(new BeanInvoker(new testImpl()));
    SSLServerConfigUtil sSLServerConfigUtil = new SSLServerConfigUtil();
    sSLServerConfigUtil.setTrustpass("test123");
    sSLServerConfigUtil.setKeyStoreName("JKS");
    sSLServerConfigUtil.setFilePath("C:\\serverKeystore.jks");
    // configureSSLOnTheServer is declared with three parameters: (sf, port, address)
    sSLServerConfigUtil.configureSSLOnTheServer(sf, 8052, address);

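import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;

public class SSLServerConfigUtil {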

private String trustpass; 
private String keyStoreName; 
private String filePath; 

public SSLServerConfigUtil() { 

} 

public JaxWsServerFactoryBean configureSSLOnTheServer(JaxWsServerFactoryBean sf, int port, String address) { 
    try { 
     TLSServerParameters tlsParams = new TLSServerParameters(); 
     KeyStore keyStore = KeyStore.getInstance(keyStoreName); 
     String password = trustpass; 
     File truststore = new File(filePath); 
     keyStore.load(new FileInputStream(truststore), password.toCharArray()); 
     KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
     keyFactory.init(keyStore, password.toCharArray()); 
     KeyManager[] km = keyFactory.getKeyManagers(); 
     tlsParams.setKeyManagers(km); 

     truststore = new File(filePath); 
     keyStore.load(new FileInputStream(truststore), password.toCharArray()); 
     TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory 
       .getDefaultAlgorithm()); 
     trustFactory.init(keyStore); 
     TrustManager[] tm = trustFactory.getTrustManagers(); 
     tlsParams.setTrustManagers(tm); 

     FiltersType filter = new FiltersType(); 
     filter.getInclude().add(".*_EXPORT_.*"); 
     filter.getInclude().add(".*_EXPORT1024_.*"); 
     filter.getInclude().add(".*_WITH_DES_.*"); 
     filter.getInclude().add(".*_WITH_NULL_.*"); 
     filter.getExclude().add(".*_DH_anon_.*"); 
     filter.getInclude().add(".*_CBC_*"); 
     filter.getInclude().add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); 

     tlsParams.setCipherSuitesFilter(filter); 

     ClientAuthentication ca = new ClientAuthentication(); 
     ca.setRequired(true); 
     ca.setWant(true); 
     tlsParams.setClientAuthentication(ca); 

     JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory(); 
     factory.setTLSServerParametersForPort(port, tlsParams); 

    } 
    catch (KeyStoreException kse) { 
     System.out.println("Security configuration failed with the following: " + kse.getCause()); 
    } 
    catch (NoSuchAlgorithmException nsa) { 
     System.out.println("Security configuration failed with the following: " + nsa.getCause()); 
    } 
    catch (FileNotFoundException fnfe) { 
     System.out.println("Security configuration failed with the following: " + fnfe.getCause()); 
    } 
    catch (UnrecoverableKeyException uke) { 
     System.out.println("Security configuration failed with the following: " + uke.getCause()); 
    } 
    catch (CertificateException ce) { 
     System.out.println("Security configuration failed with the following: " + ce.getCause()); 
    } 
    catch (GeneralSecurityException gse) { 
     System.out.println("Security configuration failed with the following: " + gse.getCause()); 
    } 
    catch (IOException ioe) { 
     System.out.println("Security configuration failed with the following: " + ioe.getCause()); 
    } 

    return sf; 
} 

public String getTrustpass() { 
    return trustpass; 
} 

public void setTrustpass(String trustpass) { 
    this.trustpass = trustpass; 
} 

public String getKeyStoreName() { 
    return keyStoreName; 
} 

public void setKeyStoreName(String keyStoreName) { 
    this.keyStoreName = keyStoreName; 
} 

public String getFilePath() { 
    return filePath; 
} 

public void setFilePath(String filePath) { 
    this.filePath = filePath; 
} 

}

Log when the server starts:

> found key for : myserverkey 
chain [0] = [ 
[ 
    Version: V3 
    Subject: CN=localhost 
    Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3 

    Key: Sun DSA Public Key 
    Parameters:DSA 

    Validity: [From: Thu Jan 28 08:45:23 GMT+02:00 2016, 
       To: Sat Jan 27 08:45:23 GMT+02:00 2018] 
    Issuer: CN=localhost 
    SerialNumber: [ 7879d2f7] 

Certificate Extensions: 1 
[1]: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
0000: B6 FA 45 5C B0 4F 56 0B E2 FB E3 D4 AA 90 69 0E ..E\.OV.......i. 
0010: CE 07 54 09          ..T. 
] 
] 

] 
    Algorithm: [SHA1withDSA] 
    Signature: 
0000: 30 2D 02 15 00 8E AA 9B A8 BD 67 F4 A3 2B 66 4C 0-........g..+fL 
0010: 56 12 81 51 57 08 1C 74 4C 02 14 08 F9 C5 12 0C V..QW..tL....... 
0020: 5A 3D BC 1C 5F CB D1 E9 D7 E3 01 89 36 24 4B  Z=.._.......6$K 

] 
*** 
adding as trusted cert: 
    Subject: CN=localhost 
    Issuer: CN=localhost 
    Algorithm: DSA; Serial number: 0x7879d2f7 
    Valid from Thu Jan 28 08:45:23 GMT+02:00 2016 until Sat Jan 27 08:45:23 GMT+02:00 2018 

Feb 03, 2016 8:56:33 AM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL 
INFO: Creating Service 
Feb 03, 2016 8:56:34 AM org.apache.cxf.endpoint.ServerImpl initDestination 
INFO: Setting the server's publish address to be https://localhost:8052/test 
Feb 03, 2016 8:58:26 AM org.eclipse.jetty.server.Server doStart 
INFO: jetty-7.5.4.v20111024 
trigger seeding of SecureRandom 
done seeding SecureRandom 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Using SSLEngineImpl. 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Feb 03, 2016 8:59:13 AM org.eclipse.jetty.server.AbstractConnector doStart 
INFO: Started [email protected]:8052 STARTING 
Feb 03, 2016 8:59:17 AM org.eclipse.jetty.server.handler.ContextHandler startContext 
INFO: started o.e.j.s.h.ContextHandler{,null} 
Feb 03, 2016 8:59:18 AM com.sun.faces.config.ConfigureListener contextInitialized 
INFO: Initializing Mojarra 2.0.3 (FCS b03) for context '/OnInterfaces' 
Feb 03, 2016 8:59:19 AM com.sun.faces.spi.InjectionProviderFactory createInstance 
INFO: JSF1048: PostConstruct/PreDestroy annotations present. ManagedBeans methods marked with these annotations will have said annotations processed. 
Feb 03, 2016 8:59:19 AM org.apache.coyote.AbstractProtocol start 
INFO: Starting ProtocolHandler ["http-bio-8080"] 
Feb 03, 2016 8:59:19 AM org.apache.coyote.AbstractProtocol start 
INFO: Starting ProtocolHandler ["ajp-bio-8009"] 
Feb 03, 2016 8:59:19 AM org.apache.catalina.startup.Catalina start 
INFO: Server startup in 387136 ms 

Could someone please help? Thanks in advance!

+0

Maybe this helps? https://stackoverflow.com/questions/44405437/jms-connection-handshake-is-failing-for-sslciphersuite-ssl-rsa-with-3des-ede-cbc/44409938#44409938 –

Answers

0

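Try downloading the Java Cryptography Extension jar files from the Oracle site http://www.oracle.com/technetwork/es/java/javase/downloads/jce-7-download-432124.html (this one is for Java 7; you should download the one you need) into your JAVA_HOME/jre/security/lib folder. Let us know! Regards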

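**Edit:** Use InstallCert.

1. Download and compile it.
2. Edit your run configuration, adding the program arguments in this form: host:port passphrase (usually this pass is "changeit").
3. Run it with that configuration.
4. InstallCert creates a copy of the trust store and adds the certificate from the server to it.
5. Rename "jssecacerts" to cacerts and replace the original cacerts file in java > jre > security > lib with it.
6. Then try to connect to your server.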

+0

I tried this, same error... – Rubin

+0

So... another common problem is adding your certificate to the trust store your server uses. – Oldskultxo

+0

Can you give an example? Do you think the problem is not in the protocol? – Rubin
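A diagnostic for the situation in this thread, added here as an example and not code from the poster or from CXF: it applies the question's include/exclude patterns to the cipher suites the running JVM supports, reports whether the JCE policy caps AES at 128 bits (the condition behind the "Ignoring unavailable cipher suite: ..._AES_256_..." lines), and marks which surviving suites can authenticate with a DSA key like the one in the startup log. The class name `CipherFilterCheck` is hypothetical, and whole-name regex matching with excludes taking precedence is an assumption about how the filter is applied.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Added diagnostic example; CipherFilterCheck is a hypothetical name.
public class CipherFilterCheck {
    // Include/exclude patterns copied from the FiltersType setup in the question.
    static final List<String> INCLUDE = Arrays.asList(".*_EXPORT_.*", ".*_EXPORT1024_.*",
            ".*_WITH_DES_.*", ".*_WITH_NULL_.*", ".*_CBC_*", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
    static final List<String> EXCLUDE = Arrays.asList(".*_DH_anon_.*");

    // Assumption: a pattern must match the whole suite name, not a substring.
    static boolean matchesAny(String suite, List<String> patterns) {
        for (String p : patterns) {
            if (Pattern.matches(p, suite)) return true;
        }
        return false;
    }

    // Suites that pass at least one include pattern and no exclude pattern.
    static List<String> filter(String[] candidates) {
        List<String> kept = new ArrayList<>();
        for (String s : candidates) {
            if (matchesAny(s, INCLUDE) && !matchesAny(s, EXCLUDE)) kept.add(s);
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        // 128 means the limited-strength JCE policy is active: AES-256 suites are unavailable.
        System.out.println("Max AES key length: " + Cipher.getMaxAllowedKeyLength("AES"));
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getCipherSuites();
        Set<String> enabled = new HashSet<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        List<String> kept = filter(supported);
        System.out.println(kept.size() + " of " + supported.length + " supported suites pass the filter");
        for (String s : kept) {
            String note = enabled.contains(s) ? "" : " [not enabled by default in this JVM]";
            // A DSA server key only authenticates *_DSS_* key-exchange suites.
            if (!s.contains("_DSS_")) note += " [does not authenticate with a DSA key]";
            System.out.println("  " + s + note);
        }
    }
}
```

Run it with the same JRE that hosts the service, since the supported and default-enabled lists depend on the JVM version and its policy files.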
