How to control the SSL ciphers available to Tomcat


Problem description


I'm unable to disable weak SSL ciphers in Tomcat as documented in many places e.g. http://www.techstacks.com/howto/secure-ssl-in-tomcat.html.
Currently, my connector looks as follows:

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Programs\apache-tomcat-6.0.33\keystore" keystorePass="nn"/>


When I attempt a connection (using IE or ssldigger) I get the following error in Tomcat:

java.lang.IllegalArgumentException: Unsupported ciphersuite  SSL_RSA_WITH_RC4_128_SHA
    at com.sun.net.ssl.internal.ssl.CipherSuite.valueOf(Unknown Source)
    at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledCipherSuites(Unknown Source)
    at org.apache.tomcat.util.net.NioEndpoint.createSSLEngine(NioEndpoint.java:1141)
    at org.apache.tomcat.util.net.NioEndpoint.setSocketOptions(NioEndpoint.java:1096)
    at org.apache.tomcat.util.net.NioEndpoint$Acceptor.run(NioEndpoint.java:1315)
    at java.lang.Thread.run(Unknown Source)


Incidentally, I removed the unsupported ciphers (almost one by one) and the only one I was left with that seems to be supported is SSL_RSA_WITH_RC4_128_MD5.


Also, I'm assuming that an unsupported cipher is not related to Tomcat's specific key pair but more generally to the broadly available ciphers.

What is going wrong here?

Recommended answer


I figured it out. The comma-separated list of ciphers is whitespace-sensitive, i.e. the culprit is the space character after the comma.
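The stack trace above already contains the evidence: the message reads "Unsupported ciphersuite  SSL_RSA_WITH_RC4_128_SHA" with two spaces, because the rejected name is " SSL_RSA_WITH_RC4_128_SHA" including the leading space. The following script is an added example (not part of the question, the answer, or Tomcat itself) that lints the ciphers attribute of every SSL-enabled Connector in a server.xml the way the connector in the question behaved: it splits on commas without trimming, so any entry carrying surrounding whitespace is flagged as one that would be rejected. Because the whole point of the question was to get rid of weak suites, it also flags RC4, 3DES and MD5 suites and emits a normalized ciphers value with the whitespace and the weak suites removed. The embedded server.xml is a constructed sample modelled on the connector in the question; the keystore path and password in it are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml with the same space-after-comma problem as the question.
# Keystore path and password are placeholders, not real values.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
               SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
               ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
               keystoreFile="/path/to/keystore" keystorePass="changeit"/>
  </Service>
</Server>
"""

# Substrings that mark a JSSE suite name as weak for the purposes of this check:
# RC4 stream cipher, triple DES, MD5-based MAC.
WEAK_MARKERS = ("RC4", "3DES", "MD5")


def split_ciphers_strict(attr):
    """Split exactly like a whitespace-sensitive parser: on ',' only, no trimming."""
    return attr.split(",")


def lint_cipher_list(attr):
    """Return (entries, problems) where each problem is (entry, reason)."""
    entries = split_ciphers_strict(attr)
    problems = []
    for entry in entries:
        if entry != entry.strip():
            # This is the bug from the question: the name is passed through with its
            # surrounding whitespace and JSSE reports it as "Unsupported ciphersuite".
            problems.append((entry, "surrounding whitespace: rejected as Unsupported ciphersuite"))
        if not entry.strip():
            problems.append((entry, "empty entry"))
            continue
        if any(marker in entry for marker in WEAK_MARKERS):
            problems.append((entry.strip(), "weak cipher suite"))
    return entries, problems


def normalize_cipher_list(attr, drop_weak=False):
    """Build a clean comma-separated list: trimmed, de-duplicated, no empty entries,
    and with weak suites removed when drop_weak is set."""
    cleaned = []
    for entry in attr.split(","):
        name = entry.strip()
        if not name:
            continue
        if drop_weak and any(marker in name for marker in WEAK_MARKERS):
            continue
        if name not in cleaned:
            cleaned.append(name)
    return ",".join(cleaned)


def lint_server_xml(xml_text):
    """Map each SSL-enabled Connector's port to (suggested ciphers value, problems)."""
    root = ET.fromstring(xml_text)
    report = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # No explicit list: the JSSE defaults apply, nothing to lint here.
            report[conn.get("port")] = ("<default>", [])
            continue
        _, problems = lint_cipher_list(ciphers)
        report[conn.get("port")] = (normalize_cipher_list(ciphers, drop_weak=True), problems)
    return report


if __name__ == "__main__":
    for port, (fixed, problems) in lint_server_xml(SAMPLE_SERVER_XML).items():
        print(f"Connector on port {port}:")
        for entry, reason in problems:
            print(f"  {entry!r}: {reason}")
        print(f'  suggested ciphers="{fixed}"')
```

Run it against a real server.xml by replacing SAMPLE_SERVER_XML with the file contents; every entry printed with a leading quote-space (such as ' SSL_RSA_WITH_RC4_128_SHA') is one that the connector in the question would have rejected, and the suggested value is safe to paste back because it contains no whitespace at all.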
