如何使用AES-256在Spring Boot上设置SSL(TLS)/ HTTPS? [英] How to set up SSL (TLS) / HTTPS on Spring Boot using AES-256?
问题描述
我使用RSA在我的Spring Boot服务器上设置了SSL(如何在Spring上配置SSL / HTTPS?)按照他们的向导:
I set up SSL on my Spring Boot server using RSA (How to configure SSL / HTTPS on Spring?) by following their guide:
- 创建一个新的密钥库和密钥使用
keytool -genkey -alias< alias> -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650 -
将这些行放在我的application.properties文件中:
- Created a new keystore and key using
keytool -genkey -alias <alias> -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650 Placed these lines in my application.properties file:
server.port:8443
server.ssl.key-store:classpath:keystore.p12
server.ssl.key -store-password:< keystore password>
server.ssl.key-password =<密码>
server.ssl.keyStoreType:PKCS12
server.ssl.keyAlias:< alias>
像魅力一样。但是当我通过运行 keytool -genseckey -keystore keystore.jck -storetype生成AES 256密钥时,JCEKS -storepass< store pass> -keyalg AES -keysize 256 -alias< alias> -keypass<密钥传递> ,并将.properties文件更改为新的密钥库/密钥值,每次向服务器发出的请求都会导致 0 EMPTY RESPONSE 。我应该遵循哪些步骤来成功配置它?
Works like a charm. But when I generate an AES 256 key by running keytool -genseckey -keystore keystore.jck -storetype JCEKS -storepass <store pass> -keyalg AES -keysize 256 -alias <alias> -keypass <key pass>, and change the .properties file to the new keystore / key values, every request to the server results in 0 EMPTY RESPONSE. What steps should I follow to configure it successfully?
推荐答案
知道了。解决了它。关键算法与您想要使用的密码几乎没有关系(在我的情况下为AES 256)。使用常规RSA,PKCS12密钥。
Got it. Solved it. Key algorithms have little to do with the cipher you want to use (AES 256, in my case). Got it to work with a regular RSA, PKCS12 key.
然后,在application.properties中设置下一个属性:
Then, set the next properties in application.properties:
server.ssl.ciphers=ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
server.ssl.protocol=TLS
这篇关于如何使用AES-256在Spring Boot上设置SSL(TLS)/ HTTPS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
