JMS connection handshake is failing for SSLCipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA


Problem description

I am using Spring Boot 1.2.2 and JDK1.8.0.40. I have specified the SSL cipher suite as SSL_RSA_WITH_3DES_EDE_CBC_SHA and also imported the cer file into the keystore.

When I run my project, I set the JVM arguments as follows:

-Djavax.net.debug=all -Djavax.net.ssl.keyStore=/java_home/jre/lib/security/cacerts -Djava.net.keyStorePassword=changeit

But I always get:

handing exception:javax.net.ssl.SSLHandshakeException: No appropriate protocol(protocol is disabled or cipher suites are inappropriate)
SEND TLSv1.2 ALERT: fatal, description = handshake_failure
WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28       ......(
called closeSocket()
com.ibm.msg.client.jms.DetailedJMSException: JMSWMQ0018: Failed to connect to queue manager 'XXXX' with connection mode 'Client' and host name 'xxx.xxx.com(xxxxx)'.

Indeed, I have done several operations to fix the issue, such as:

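  1. Replacing the JCE jars to remove the encryption restrictions
  2. Importing the cer file into the jks
  3. Specifying the jks path in the JVM arguments
  4. Using a matching SSL cipher suite
  5. Using an SSL channel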

But now, I still fail on the handshake and the error logs are the same as above.

Or do I need to generate the cer from my machine and upload it to the server? Could you kindly give some advice?

Recommended answer

SSL_RSA_WITH_3DES_EDE_CBC_SHA is an SSL 3 cipher suite. SSL 3 is insecure and disabled by default in Java 8. Is there any reason why you're using a ciphersuite for an insecure protocol?

If you want to stick to a single cipher suite, you can pick one that Java 8 supports.
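
To see which cipher suites and protocols the running JVM supports and enables by default, the following added example (not part of the original question or answer) queries the default SSLContext. The class name CipherSuiteCheck is an assumption, and the output depends on the JVM vendor, version and its java.security settings.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (hypothetical class name): reports whether a cipher suite is
// supported and enabled by default in the running JVM, and lists the suites
// and protocols that are enabled so one of them can be chosen instead.
public class CipherSuiteCheck {

    // Returns "enabled", "supported-but-disabled" or "unsupported".
    static String status(String suite, SSLParameters defaults, SSLParameters supported) {
        if (Arrays.asList(defaults.getCipherSuites()).contains(suite)) {
            return "enabled";
        }
        if (Arrays.asList(supported.getCipherSuites()).contains(suite)) {
            return "supported-but-disabled";
        }
        return "unsupported";
    }

    public static void main(String[] args) throws Exception {
        // Suite name from the question; pass another name as the first argument.
        String suite = args.length > 0 ? args[0] : "SSL_RSA_WITH_3DES_EDE_CBC_SHA";

        SSLContext ctx = SSLContext.getDefault();
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();

        System.out.println("java.version        = " + System.getProperty("java.version"));
        System.out.println("suite               = " + suite);
        System.out.println("status              = " + status(suite, defaults, supported));
        System.out.println("enabled protocols   = " + Arrays.toString(defaults.getProtocols()));
        System.out.println("supported protocols = " + Arrays.toString(supported.getProtocols()));

        // Security property that lists algorithms and protocols the JVM refuses to negotiate.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        System.out.println("cipher suites enabled by default:");
        for (String s : defaults.getCipherSuites()) {
            System.out.println("  " + s);
        }
    }
}
```

Run it with the same JVM and the same -D arguments as the application, so the report reflects the configuration the JMS client actually uses.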
