本文介绍了在Java 7中启用TLSv1.2和TLS_RSA_WITH_AES_256_CBC_SHA256密码套件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

Server:
TLS Version: v1.2
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Client:
JRE 1.7

当我尝试通过SSL直接从客户端连接到服务器时收到以下错误:

I am receiving the below error when I try to connect to the Server from Client through SSL directly:

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)

以下代码使TLSv1.2

The below code enables TLSv1.2

  Set<String> enabledTLSSet = new HashSet<String>(Arrays.asList(sslsocket.getEnabledProtocols()));
  enabledTLSSet.add("TLSv1.2");
  sslsocket.setEnabledProtocols(enabledTLSSet.toArray(new String[enabledTLSSet.size()]));

以下代码启用TLS_RSA_WITH_AES_256_CBC_SHA256密码套件:

The below code enables TLS_RSA_WITH_AES_256_CBC_SHA256 Cipher Suite:

Set<String> enabledCipherSuitesSet = new HashSet<String>(Arrays.asList(sslsocket.getEnabledCipherSuites()));
      enabledCipherSuitesSet.add("TLS_RSA_WITH_AES_256_CBC_SHA256");
      sslsocket.setEnabledCipherSuites(enabledCipherSuitesSet.toArray(new String[enabledCipherSuitesSet.size()]));

从Java代码执行上述两项后,我可以通过SSL。

After doing both of the above from Java code, I'm able to connect to the server successfully through SSL.

是否可以启用/强制 TLSv1.2 TLS_RSA_WITH_AES_256_CBC_SHA256 在Java 7中,而不通过属性,参数或调试道具更改任何Java代码?

Is it possible to enable/force TLSv1.2 and TLS_RSA_WITH_AES_256_CBC_SHA256 in Java 7 without changing any Java Code through properties, parameters or Debug props?

我尝试所有形式和组合的所有以下属性(启用并禁用)并且失败。

I tried all of the below properties in all forms and combinations (enabling and disabling) and failed.

-Dhttps.protocols=TLSv1.2
-Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256
-Ddeployment.security.TLSv1.2=true

我正在执行类似于以下:

I'm executing the program similar to the below:

java -jar -Dhttps.protocols=TLSv1.2 -Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256 Ddeployment.security.TLSv1.2=true -Djavax.net.debug=ssl:handshake SSLPoker.jar <SERVER> 443

SSLPoker包含以下代码:

SSLPoker contains the below code:

package com.ashok.ssl;

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;

/**
 * Establish a SSL connection to a host and port, writes a byte and prints the response - Ashok Goli. See
 * http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
 */
public class SSLPoke {

  /**
   * The main method.
   * Usage: $java -jar SSLPoker.jar <host> <port>
   *
   * @param args the arguments
   */
  public static void main(String[] args) {
    if (args.length != 2) {
      System.out.println("Usage: " + SSLPoke.class.getName() + " <host> <port>");
      System.exit(1);
    }
    try {
      SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
      SSLSocket sslsocket =
          (SSLSocket) sslsocketfactory.createSocket(args[0], Integer.parseInt(args[1]));

      InputStream in = sslsocket.getInputStream();
      OutputStream out = sslsocket.getOutputStream();

      // Write a test byte to get a reaction :)
      out.write(1);

      while (in.available() > 0) {
        System.out.print(in.read());
      }
      System.out.println("Successfully connected");

    } catch (Exception exception) {
      exception.printStackTrace();
    }
  }
}

任何指针如何实现这个没有Java代码的更改将不胜感激。

Any pointers how to achieve this with no Java code changes would be much appreciated.

推荐答案

只有使用简单的HTTPS连接(而不是SSL套接字) )使用属性

It is only possible if you use a simple HTTPS connection (not SSL Sockets) using the properties

-Dhttps.protocols=TLSv1.2
-Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256

请参阅

如果您需要使用直接安全的套接字协议,则在应用程序启动时创建一个TLSv1.2SSLContext,并使用SSLContext.setDefault(ctx)调用将该新上下文注册为

If you need to use directly secure socket protocol, create a "TLSv1.2" SSLContext at application startup and use the SSLContext.setDefault(ctx) call to register that new context as the default one.

SSLContext context = SSLContext.getInstance("TLSv1.2");
SSLContext.setDefault(context );

这篇关于在Java 7中启用TLSv1.2和TLS_RSA_WITH_AES_256_CBC_SHA256密码套件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

05-29 11:25
查看更多