Java Kubernetes客户端SSLHandshakeException扩展(5)不应出现在certificate_request中 [英] Java Kubernetes client SSLHandshakeException extension (5) should not be presented in certificate_request

问题描述

当尝试在本地运行Java Kubernetes客户端应用程序时，出现扩展名(5)不应在certificate_request中显示"的情况，该应用程序通过润滑油代理连接查询Kubernetes集群.有什么想法吗?预先感谢

I am getting "extension (5) should not be presented in certificate_request" when trying to run locally a Java Kubernetes client application which queries the Kubernetes cluster over a lube proxy connection. Any thoughts? Thanks in advance

  ApiClient client = null;
    try {
        client = Config.defaultClient();
        //client.setVerifyingSsl(false);
    } catch (IOException e) {
        e.printStackTrace();
    }
    Configuration.setDefaultApiClient(client);

    CoreV1Api api = new CoreV1Api();
    V1PodList list = null;
    try {
        list = api.listPodForAllNamespaces(null, null, null, null, null, null, null, null, null);
    } catch (ApiException e) {
        e.printStackTrace();
    }
    for (V1Pod item : list.getItems()) {
        System.out.println(item.getMetadata().getName());
    }

推荐答案

您正在使用哪个Java版本?

Which version of Java are you using?

JDK 11及更高版本支持TLS 1.3，这可能导致错误extension (5) should not be presented in certificate_request.

JDK 11 onwards have support for TLS 1.3 which can cause the error extension (5) should not be presented in certificate_request.

将-Djdk.tls.client.protocols=TLSv1.2添加到JVM args中，以使其改为使用1.2.

Add -Djdk.tls.client.protocols=TLSv1.2 to the JVM args to make it use 1.2 instead.

Go lang上与此 https://github.com/golang/相关的一个问题go/issues/35722 ，那里的某人还发布到在上禁用TLS 1.3 Java方面

There is an issue on Go lang relating to this https://github.com/golang/go/issues/35722 and someone there also posted to disable TLS 1.3 on the Java side

这篇关于Java Kubernetes客户端SSLHandshakeException扩展(5)不应出现在certificate_request中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！