带SSL的RMI-服务器启动时的握手异常(没有通用的密码套件) [英] RMI with SSL - Handshake Exception (no cipher suites in common) when Server starts
本文介绍了带SSL的RMI-服务器启动时的握手异常(没有通用的密码套件)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
已更新!
当我尝试运行服务器时,我收到SSL握手异常(javax.net.ssl.SSLHandshakeException: no cipher suites in common).
远程方法仅将两个整数相加,并且应返回结果.
I'm getting an SSL Handshake Exception (javax.net.ssl.SSLHandshakeException: no cipher suites in common) when I try to run the server.
The remote method only adds two integers and should return the result.
这是例外,调试设置为全部"(这是出于学术目的):
This is the exception with the debug set to "all" (this is for academic purposes):
f4e@ubuntu:~/src$ java -cp /home/f4e/src:/home/f4e/public_html/classes/compute.jar -Djavax.net.debug=all JavaMainServer
keyStore is : /home/f4e/src/serverkeystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : server
chain [0] = [
[
Version: V3
Subject: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 18523315733382648428919797254180215121918680143007156020237354938904591444431012172536331570011181574721085963241699242853767649174345376352591591448005435254849892937718191287509551368398704906969172147973698519659824622806121999239096092356467792628227325721217980719230231762025485862089668075844884800711903665577397049161291123872070216055386733370538028317923384382556173303479769656151061580819536871500370959735685963256143202392828062573471002182934694101563872088260168888834961204862115930106248918201069963020941120542510624155122918649342520758653875037471445162406226513752022792866552462931171741371669
public exponent: 65537
Validity: [From: Sun Oct 12 07:56:20 PDT 2014,
To: Mon Oct 12 07:56:20 PDT 2015]
Issuer: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
SerialNumber: [ 66990436]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AB FB BA 6D C8 1E 01 C7 AF E7 4D F4 EC A2 A5 68 ...m......M....h
0010: D0 86 49 74 ..It
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 64 5D 21 4A 7F 0A 6E 2C FA 84 53 E2 32 C0 CF 0E d]!J..n,..S.2...
0010: 02 4E DE 2E 59 B2 5F 43 BF 5F A8 95 65 1C 28 02 .N..Y._C._..e.(.
0020: 50 C7 9A 4A E0 CF 88 5B 62 6E C6 97 92 64 13 F0 P..J...[bn...d..
0030: CE BA FD C9 51 1F 02 D3 02 05 93 2B 93 C1 35 0E ....Q......+..5.
0040: C2 1B 5F BA 97 63 B3 85 06 17 72 23 74 EA 40 04 .._..c....r#t.@.
0050: 40 31 36 AB 6D 93 DE 5B 6F 4F BB A1 0E 7A 55 AD @16.m..[oO...zU.
0060: AE C6 C2 07 D1 2D 36 CF E8 93 B1 1E 36 F6 6E E8 .....-6.....6.n.
0070: FE 37 7B 88 E8 B5 3E 01 62 5F 2D 0F D6 7E 6D 41 .7....>.b_-...mA
0080: 01 48 09 61 87 2E 29 4F E8 73 D5 D1 5F 09 43 D4 .H.a..)O.s.._.C.
0090: 88 0C 10 01 33 E7 5E 70 1D E9 54 0F 21 39 09 0F ....3.^p..T.!9..
00A0: E6 A9 43 64 B9 9C 09 BC 9B 5D 87 82 C0 70 58 60 ..Cd.....]...pX`
00B0: 84 56 E9 4B 48 76 CF 31 0F E9 33 5C 63 09 6B AA .V.KHv.1..3\c.k.
00C0: 7D 2E C8 72 84 8D 7A 59 6C A1 CA E0 85 31 C5 CA ...r..zYl....1..
00D0: 37 55 6D E7 3A B6 12 FE 7E 06 FA 9D CB 74 BE 52 7Um.:........t.R
00E0: 12 17 41 B6 41 E8 06 97 21 C3 29 A0 C6 50 D3 6A ..A.A...!.)..P.j
00F0: 42 99 22 CC F8 52 79 01 91 B1 6A 5B 81 3C 78 F6 B."..Ry...j[.<x.
]
***
trustStore is: /home/f4e/src/servertruststore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
Issuer: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
Algorithm: RSA; Serial number: 0x66990436
Valid from Sun Oct 12 07:56:20 PDT 2014 until Mon Oct 12 07:56:20 PDT 2015
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256%% No cached client session
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
*** ClientHello, TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
RandomCookie: GMT: 1413239130 bytes = { 57, 245, 243, 68, 249, 165, 71
, Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false115, 180, 83, 192, 38, 54
, 235, 78, 40, 111, 198, 229, 51, 146, 27, 87, 13, 33, 97, 134, 239 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes: len = 119
0000: 01 00 00 73 03 01 54 3C 51 5A 39 F5 F3 44 F9 A5 ...s..T<QZ9..D..
0010: 47 73 B4 53 C0 26 36 EB 4E 28 6F C6 E5 33 92 1B Gs.S.&6.N(o..RMI TCP Connection(2)-192.168.190.129, setSoTimeout(7200000) called3..
0020:
57 0D 21 61 86 EF 00 00 38 C0 0A C0 14 00 35 C0 W.!a....8.....5.
0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...
0040: 0E 00 33 00 32 C0 07 C0 11 00 05 C0 02 C0 0C C0 ..3.2...........
0050: 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 00 04 00 ................
0060: FF 01 00 00 12 00 0A 00 08 00 06 00 17 00 18 00 ................
0070: 19 00 0B 00 02 01 00 .......
main, WRITE: TLSv1 Handshake, length = 119
[Raw write]: length = 124[Raw read]: length = 5
0000: 16 03 01 00 77
0000: 16 03 01 .00 ..77 .01 w
[Raw read]: length = 11900 00
0000: 73 03 01 54 3C 51 5A 39 01 00 .00 .73 .03 .01 w.54 .3C . s.51 .5A T<QZ9
0010: 39 F5 F3 F5 44 F3 F9 44 F9 A5 A5 47 .73 .B4 . s.53 .T<QZ9.C0 .26 D.36 .EB
0010: 4E 47 28 73 6F B4 .53 .C0 D.26 .36 Gs.EB S. &6.4E N(o
0020: 28 C6 6F E5 C6 33 E5 92 33 92 1B 1B 57 Gs.0D S.&6.21 N(o. .61 3.86 .EF
0020: 00 57 00 0D 38 21 C0 61 0A 86 EF 00 .00 . 3.38 .C0 W.0A !a.C0 14 .00 .35 .C0 8. .W.
!a.0030: .C0 ..14 8.00 .35 .C0 ..05 5.C0
0F 0030: 05 00 C0 39 0F 00 00 38 39 00 C0 38 09 C0 C0 13 09 C0 13 00 2F C0 ...04 5.C0 . ......9..8.9..8......
0040: 00 .2F /.C0 ..04
C0 0040: 0E 0E 00 00 33 33 00 00 32 32 C0 07 C0 C0 07 11 00 05 C0 C0 02 11 C0 0C 00 C0 05 .../.3.2.........3...2..........
0050: 0050: 08 C0 C0 02 12 C0 00 0A 0C C0 C0 03 08 C0 C0 12 0D 00 00 16 00 13 00 0A 04 C0 00 03 C0 ..0D .00 ..16 . .....................
.0060: .FF .01 .00 .00
12 0060: 00 00 0A 13 00 00 04 08 00 00 FF 06 01 00 00 17 00 18 00 00 12 .00 .0A .00 ..08 .00 .06 .. ..............
.0070: .19 .00 .0B .00 .02 .01 .00 .
0070: 00 17 00 .18 .00 .19 ..00 .0B .
RMI TCP Connection(2)-192.168.190.129, READ: TLSv1 Handshake, length = 11900 02 01 00
*** ClientHello, TLSv1 ............
RandomCookie: GMT: 1413239130 bytes = { 57, 245, 243, 68, 249, 165, 71, 115, 180, 83, 192, 38, 54, 235, 78, 40, 111, 198, 229, 51, 146, 27, 87, 13, 33, 97, 134, 239 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
[read] MD5 and SHA1 hashes: len = 119
0000: 01 00 00 73 03 01 54 3C 51 5A 39 F5 F3 44 F9 A5 ...s..T<QZ9..D..
0010: 47 73 B4 53 C0 26 36 EB 4E 28 6F C6 E5 33 92 1B Gs.S.&6.N(o..3..
0020: 57 0D 21 61 86 EF 00 00 38 C0 0A C0 14 00 35 C0 W.!a....8.....5.
0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...
0040: 0E 00 33 00 32 C0 07 C0 11 00 05 C0 02 C0 0C C0 ..3.2...........
0050: 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 00 04 00 ................
0060: FF 01 00 00 12 00 0A 00 08 00 06 00 17 00 18 00 ................
0070: 19 00 0B 00 02 01 00 .......
%% Initialized: [Session-2, SSL_NULL_WITH_NULL_NULL]
%% Invalidated: [Session-2, SSL_NULL_WITH_NULL_NULL]
RMI TCP Connection(2)-192.168.190.129, SEND TLSv1 ALERT: fatal, description = handshake_failure
RMI TCP Connection(2)-192.168.190.129, WRITE: TLSv1 Alert, length = 2
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
JavaMainServer exception
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:304)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at JavaMainServer.main(JavaMainServer.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.DataOutputStream.flush(DataOutputStream.java:123)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:229)
... 4 more
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
RMI TCP Connection(2)-192.168.190.129, called closeSocket()
RMI TCP Connection(2)-192.168.190.129, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
RMI TCP Connection(2)-192.168.190.129, called close()
RMI TCP Connection(2)-192.168.190.129, called closeInternal(true)
这3个.java文件已通过我的问题的解决方法更新:
These 3 .java files were UPDATED with the solution of my problem:
JavaMainServer.java
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import java.rmi.RemoteException;
import java.net.*;
import java.util.*;
/**
*
* @author João
*/
public class JavaMainServer extends UnicastRemoteObject implements Compute {
public JavaMainServer() throws RemoteException {
super(0,
new SslRMIClientSocketFactory(),
new SslRMIServerSocketFactory(null, null, true));
}
/**
* @param args the command line arguments
*/
public static void main(String[] args) {
try {
setSettings();
if (System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
}
String name = "Compute";
Compute add = new JavaMainServer();
Registry reg = LocateRegistry.getRegistry(null, 1099,
new SslRMIClientSocketFactory());
reg.rebind(name, add);
System.out.println("JavaMainServer bound");
} catch (Exception e) {
System.err.println("JavaMainServer exception");
e.printStackTrace();
}
}
private static void setSettings() {
String pass = "ssfbpwks";
System.setProperty("java.security.policy", "server.policy");
System.setProperty("java.rmi.server.codebase", "http://ubuntu/~f4e/classes/compute.jar");
System.setProperty("java.rmi.server.hostname", "192.168.190.129");
System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/serverkeystore");
System.setProperty("javax.net.ssl.keyStorePassword", pass);
System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/servertruststore");
System.setProperty("javax.net.ssl.trustStorePassword", pass);
}
@Override
public int addCalculation(int a, int b) {
return a + b;
}
}
JavaMainClient.java
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
/**
*
* @author João
*/
public class JavaMainClient {
/**
* @param args the command line arguments
*/
public static void main(String[] args) {
try {
setSettings();
if(System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
}
String name = "Compute";
Registry reg = LocateRegistry.getRegistry(args[0], 1099,
new SslRMIClientSocketFactory());
Compute comp = (Compute) reg.lookup(name);
comp.addCalculation(Integer.parseInt(args[1]), Integer.parseInt(args[2]));
System.out.println(comp.addCalculation(Integer.parseInt(args[1]),
Integer.parseInt(args[2])));
} catch(Exception e) {
System.err.println("JavaMainClient exception:");
e.printStackTrace();
}
}
private static void setSettings() {
String pass = "csfbpwks";
System.setProperty("java.security.policy", "client.policy");
System.setProperty("java.rmi.server.codebase", "http://ubuntux/~f4e/classes/");
System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/clientkeystore");
System.setProperty("javax.net.ssl.keyStorePassword", pass);
System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/clienttruststore");
System.setProperty("javax.net.ssl.trustStorePassword", pass);
}
}
RmiRegistry.java
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import java.rmi.registry.LocateRegistry;
public class RmiRegistry {
public static void main(String[] args) {
try {
setSettings();
LocateRegistry.createRegistry(1099, new SslRMIClientSocketFactory(),
new SslRMIServerSocketFactory(null, null, true));
Thread.sleep(Long.MAX_VALUE);
} catch(Exception e) {
System.err.println("RmiRegistry exception:");
e.printStackTrace();
}
}
private static void setSettings() {
String pass = "rsfbpwks";
//System.setProperty("java.security.policy", "server.policy");
System.setProperty("java.rmi.server.codebase", "http://ubuntu/~f4e/classes/compute.jar");
System.setProperty("java.rmi.server.hostname", "192.168.190.129");
System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/regkeystore");
System.setProperty("javax.net.ssl.keyStorePassword", pass);
System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/regtruststore");
System.setProperty("javax.net.ssl.trustStorePassword", pass);
}
}
我使用以下 UPDATED 命令创建了密钥库,证书和信任库:
I used the following UPDATED commands to create the keystores, certificates and truststores:
keytool -genkeypair -alias server -keyalg RSA -validity 365 -keystore serverkeystore
keytool -export -alias server -keystore serverkeystore -rfc -file server.cer
keytool -import -alias servercert -file server.cer -keystore servertruststore
keytool -genkeypair -alias client -keyalg RSA -validity 365 -keystore clientkeystore
keytool -export -alias client -keystore clientkeystore -rfc -file client.cer
keytool -import -alias clientcert -file client.cer -keystore clienttruststore
keytool -genkeypair -alias reg -keyalg RSA -validity 365 -keystore regkeystore
keytool -export -alias reg -keystore regkeystore -rfc -file reg.cer
keytool -import -alias regcert -file reg.cer -keystore regtruststore
keytool -import -alias regcert -file reg.cer -keystore servertruststore
keytool -import -alias clientcert -file client.cer -keystore servertruststore
keytool -import -alias regcert -file reg.cer -keystore clienttruststore
keytool -import -alias servercert -file server.cer -keystore clienttruststore
keytool -import -alias clientcert -file client.cer -keystore regtruststore
keytool -import -alias servercert -file server.cer -keystore regtruststore
谢谢您的帮助.
推荐答案
好吧,我经过一番思考后终于解决了自己的问题(我终于明白了(我认为)SSL和证书正在发生什么.
因此,首先,由于使用SSL运行自定义RmiRegistry时,我需要在RmiRegistry上设置在JavaMainServer上设置的那些属性,当然还要为其创建证书,密钥库和信任库.
Okay, I ended up solving my own problem after thinking a bit (and I finally understood (I think) what is going on with SSL and certificates).
So, first of all, as I was running a custom RmiRegistry because of SSL, I needed to set those properties I set on JavaMainServer on the RmiRegistry and, of course, create certificate, keystore and truststore for it aswell.
此后,我得到了PKIX异常.经过一番思考,我意识到我必须将JavaMainServer证书导入到RmiRegistry信任库中,并将RmiRegistry证书导入到JavaMainServer信任库中.另外,在客户端和服务器之间执行相同的操作.以前,如果我正确理解该机制,那么我只是将JavaMainClient证书导入到JavaMainClient信任库中,而将JavaMainServer证书导入到JavaMainServer信任库中,这是愚蠢的.用我的最终代码更新了问题.
After this I was getting a PKIX exception. After thinking a little bit, I realised that I had to import the JavaMainServer certificate to the RmiRegistry truststore and import the RmiRegistry certificate to the JavaMainServer truststore. Also, do the same between the client and the server. Previously I was importing the JavaMainClient certificate to the JavaMainClient truststore and the JavaMainServer certificate to the JavaMainServer truststore only, which was dumb, if I understood the mechanism correctly. Updated the question with my final code.
这篇关于带SSL的RMI-服务器启动时的握手异常(没有通用的密码套件)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
