How to enable TLSv1.1+ outbound communication from web app on Win10/Tomcat7/Java7?

Problem description

Sorry if my question seems redundant. I found tons of Q&As on stackoverflow and a bunch of other resources about enabling TLSv1.1+ for Tomcat, for Java Clients, for OSes..., but still I can't enable it on my local env on Win10/Tomcat7/Java7. Probably, I'm just getting something wrong.

So, to be clear, I have a java web app deployed on tomcat. This web app makes requests to remote services via https. Previously these remote services supported TLSv1.0, and my app worked fine. Now these remote services support only TLSv1.1+, and I'm getting an error/actually a simple html page response saying:

To access this website, update your web browser or upgrade your operating system to support TLSv1.1 or TLSv1.2

I tried to enable TLSv1.1+ outbound communication support for my webapp in a number of ways, but still it doesn't work. So, I tried:

set CATALINA_OPTS=-Dhttps.protocols=TLSv1.1,TLSv1.2

set CATALINA_OPTS=-Ddeployment.security.TLSv1.1=true -Ddeployment.security.TLSv1.2=true

And the same stuff for JAVA_OPTS. I tried it both by adding to system environment variables and simply setting in cmd before starting tomcat. Also, I set TLSv1.1 and TLSv1.2 support at Control Panel\Programs\Java Control Panel Advanced Tab.

Here are details about my env:

Windows version:

Microsoft Windows [Version 10.0.14393]

Tomcat startup log (first n lines):

c:\Program Files\apache-tomcat-7.0.72\bin>catalina.bat run
Using CATALINA_BASE:   "C:\Program Files\apache-tomcat-7.0.72"
Using CATALINA_HOME:   "C:\Program Files\apache-tomcat-7.0.72"
Using CATALINA_TMPDIR: "C:\Program Files\apache-tomcat-7.0.72\temp"
Using CATALINA_OPTS:    "-Dhttps.protocols=TLSv1.1,TLSv1.2 -Xms1024m -Xmx2048m -XX:MaxPermSize=256m"
Using JRE_HOME:        "C:\Program Files\Java\jdk1.7.0_80\jre"
Using CLASSPATH:       "C:\Program Files\apache-tomcat-7.0.72\bin\bootstrap.jar;C:\Program Files\apache-tomcat-7.0.72\bin\tomcat-juli.jar"
Jan 12, 2017 3:40:54 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server version:        Apache Tomcat/7.0.72
Jan 12, 2017 3:40:54 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server built:          Sep 14 2016 12:12:26 UTC
Jan 12, 2017 3:40:54 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server number:         7.0.72.0
Jan 12, 2017 3:40:54 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Name:               Windows 8.1
Jan 12, 2017 3:40:54 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Version:            6.3
Jan 12, 2017 3:40:54 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Architecture:          amd64
Jan 12, 2017 3:40:54 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Java Home:             C:\Program Files\Java\jdk1.7.0_80\jre
Jan 12, 2017 3:40:54 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: JVM Version:           1.7.0_80-b15
Jan 12, 2017 3:40:54 PM org.apache.catalina.startup.VersionLoggerListener log
...

I can't get what I'm doing wrong.

Update:

If I'm switching JRE_HOME for tomcat to JAVA 8, it works fine

For now I fixed it by adding this code to configure apache HttpClient:

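    SSLContext sslContext = null;
    try {
        // Context for the generic "TLS" protocol; the versions offered are restricted below.
        sslContext = SSLContexts.custom().useTLS().build();
    } catch (KeyManagementException | NoSuchAlgorithmException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    }

    // Offer only TLSv1.1 and TLSv1.2; null keeps the default cipher suites.
    // Note: AllowAllHostnameVerifier accepts a certificate issued for any host name.
    SSLConnectionSocketFactory f = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1.1", "TLSv1.2" }, null,
            new AllowAllHostnameVerifier());

    httpclient = HttpClients.custom().setSSLSocketFactory(f).build();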

But, still can't it be done without code modifications? By configuring tomcat java or system somehow? Cause with JAVA 8 everything works without code modifications.
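
A variant of the workaround in the question that keeps host name verification on, together with a check of which protocols the running JVM enables by default. This is an added example, not the asker's code; it assumes Apache HttpClient 4.3.x on the classpath, and the class and method names are made up for illustration.

```java
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

// Added example (hypothetical class name); assumes Apache HttpClient 4.3.x.
public class Tls12ClientExample {

    // Protocols the client may negotiate; TLSv1.0 is deliberately left out.
    static final String[] PROTOCOLS = { "TLSv1.1", "TLSv1.2" };

    // Builds a client restricted to PROTOCOLS that still checks that the
    // server certificate matches the host name being contacted.
    static CloseableHttpClient newClient() throws GeneralSecurityException {
        SSLContext ctx = SSLContexts.custom().useTLS().build();
        SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(
                ctx,
                PROTOCOLS,
                null, // keep the JVM's default cipher suites
                SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        return HttpClients.custom().setSSLSocketFactory(factory).build();
    }

    // Reports what this JVM enables by default and what it is able to enable,
    // so the effect of JRE_HOME and of -D options can be checked directly.
    static String describeJvmTls() throws GeneralSecurityException {
        SSLContext def = SSLContext.getDefault();
        return "java.version=" + System.getProperty("java.version")
                + "\nhttps.protocols=" + System.getProperty("https.protocols")
                + "\nenabled by default="
                + Arrays.toString(def.getDefaultSSLParameters().getProtocols())
                + "\nsupported="
                + Arrays.toString(def.getSupportedSSLParameters().getProtocols());
    }

    public static void main(String[] args) throws Exception {
        System.out.println(describeJvmTls());
        try (CloseableHttpClient client = newClient()) {
            System.out.println("client built with protocols " + Arrays.toString(PROTOCOLS));
        }
    }
}
```

Run it under the same JRE_HOME that Tomcat uses. The `https.protocols` property is read by `HttpsURLConnection`; an HttpClient built with `HttpClients.custom()` consults it only when `useSystemProperties()` is called on the builder.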

Recommended answer

To enable TLS in Tomcat, add the parameter sslEnabledProtocols="TLSv1.X" to the Connector section of Tomcat's server.xml file in the tomcat/conf/ folder. For example, to configure TLSv1.1, follow the configuration below.

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="ssl/.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="SSL" sslEnabledProtocols="TLSv1.1" />

Restart the server.
