TLS handshake fails between a Java 1.8 client and a Java 1.7 TLS 1.1 server running in FIPS mode, even after disabling TLS 1.2 in the client side


Problem description

The SSL / TLS handshake between a "Java 1.7 TLS 1.1 server" and a "Java 1.8 client" fails in my environment with the following exception on the server side:

java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips

Following are the details of the server and the client in my environment:

Server:

  • The server uses Java 1.7u45 and is running in FIPS 140 compliant mode as mentioned in http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/FIPS.html.
  • The server uses Mozilla Network Security Services (NSS) version 3.14.3 as the cryptographic provider.
  • The server is running on SLES 11 SP3 (SuSE Linux Enterprise Server) operating system and uses the following NSS RPMS provided by the OS:
    • mozilla-nss-3.14.3-0.11.11
    • mozilla-nss-tools-3.14.3-0.11.11
    • mozilla-nspr-4.9.6-0.3.1
    • libfreebl3-3.14.3-0.11.11
    • libsoftokn3-3.14.3-0.11.11

Client:

  • The client is a Java Swing based client application which is launched using Java Web Start.
  • The client uses Java 1.8u25 and is running on Windows 7 Professional SP1 operating system.
  • Since the server does not support TLS 1.2, TLS 1.2 has been disabled in the client side in the "Advanced" tab of the Java Control Panel as mentioned in https://docs.oracle.com/javase/8/docs/technotes/guides/deploy/jcp.html#A1153011.

Questions:

  • Since the server does not support TLS 1.2, I disabled TLS 1.2 on the client side.
  • I could not figure out why the handshake fails even after disabling TLS 1.2 on the client side. Can you please help me with this?

Other observations:

  • The same scenario works fine if Java 1.7 (any version) is used and TLS 1.2 is disabled on the client side.
  • If Java 1.7 (any version) is used and TLS 1.2 is enabled on the client side, the same exception java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips is thrown on the server side.
  • If Java 1.8 (any version) is used on the client side, it fails even after disabling TLS 1.2.

Server side SSL debug log:

  • It appears that the handshake is first started in TLS 1.1 with the cipher TLS_RSA_WITH_AES_128_CBC_SHA.
  • After this, for some reason, the handshake is restarted in TLS 1.2 with the cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, which fails with the exception java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips.


TLS 1.1 Java 1.7u45 server + Java 1.8u25 TLS 1.2 disabled client - fails:



      2014/11/28 15:03:38 | INFO   | jvm 1    | *** ClientHello, TLSv1.1
      2014/11/28 15:03:38 | INFO   | jvm 1    | RandomCookie:  GMT: 1417167224 bytes = { 55, 212, 126, 68, 49, 1, 205, 58, 112, 15, 1, 9, 38, 31, 58, 188, 229, 115, 10, 61, 249, 209, 98, 140, 149, 113, 149, 231 }
      2014/11/28 15:03:38 | INFO   | jvm 1    | Session ID:  {84, 120, 65, 114, 3, 180, 96, 53, 232, 47, 28, 70, 58, 150, 117, 9, 169, 7, 94, 233, 94, 198, 136, 202, 240, 130, 18, 23, 89, 10, 220, 111}
      2014/11/28 15:03:38 | INFO   | jvm 1    | Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA]
      2014/11/28 15:03:38 | INFO   | jvm 1    | Compression Methods:  { 0 }
      2014/11/28 15:03:38 | INFO   | jvm 1    | Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
      2014/11/28 15:03:38 | INFO   | jvm 1    | Extension ec_point_formats, formats: [uncompressed]
      2014/11/28 15:03:38 | INFO   | jvm 1    | Extension renegotiation_info, renegotiated_connection: <empty>
      2014/11/28 15:03:38 | INFO   | jvm 1    | ***
      2014/11/28 15:03:38 | INFO   | jvm 1    | %% Resuming [Session-135, TLS_RSA_WITH_AES_128_CBC_SHA]
      2014/11/28 15:03:38 | INFO   | jvm 1    | *** ServerHello, TLSv1.1
      2014/11/28 15:03:38 | INFO   | jvm 1    | RandomCookie:  GMT: 1417167218 bytes = { 175, 0, 103, 107, 78, 20, 172, 204, 4, 196, 148, 153, 126, 87, 188, 255, 85, 219, 140, 39, 41, 136, 51, 33, 169, 31, 36, 150 }
      2014/11/28 15:03:38 | INFO   | jvm 1    | Session ID:  {84, 120, 65, 114, 3, 180, 96, 53, 232, 47, 28, 70, 58, 150, 117, 9, 169, 7, 94, 233, 94, 198, 136, 202, 240, 130, 18, 23, 89, 10, 220, 111}
      2014/11/28 15:03:38 | INFO   | jvm 1    | Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
      2014/11/28 15:03:38 | INFO   | jvm 1    | Compression Method: 0
      2014/11/28 15:03:38 | INFO   | jvm 1    | Extension renegotiation_info, renegotiated_connection: <empty>
      2014/11/28 15:03:38 | INFO   | jvm 1    | ***
      2014/11/28 15:03:38 | INFO   | jvm 1    | Cipher suite:  TLS_RSA_WITH_AES_128_CBC_SHA
      2014/11/28 15:03:38 | INFO   | jvm 1    | CONNECTION KEYGEN:
      2014/11/28 15:03:38 | INFO   | jvm 1    | Client Nonce:
      2014/11/28 15:03:38 | INFO   | jvm 1    | 0000: 54 78 41 78 37 D4 7E 44   31 01 CD 3A 70 0F 01 09  TxAx7..D1..:p...
      2014/11/28 15:03:38 | INFO   | jvm 1    | 0010: 26 1F 3A BC E5 73 0A 3D   F9 D1 62 8C 95 71 95 E7  &.:..s.=..b..q..
      2014/11/28 15:03:38 | INFO   | jvm 1    | Server Nonce:
      2014/11/28 15:03:38 | INFO   | jvm 1    | 0000: 54 78 41 72 AF 00 67 6B   4E 14 AC CC 04 C4 94 99  TxAr..gkN.......
      2014/11/28 15:03:38 | INFO   | jvm 1    | 0010: 7E 57 BC FF 55 DB 8C 27   29 88 33 21 A9 1F 24 96  .W..U..').3!..$.
      2014/11/28 15:03:38 | INFO   | jvm 1    | Master Secret:
      2014/11/28 15:03:38 | INFO   | jvm 1    | (key bytes not available)
      2014/11/28 15:03:38 | INFO   | jvm 1    | Client MAC write Secret:
      2014/11/28 15:03:38 | INFO   | jvm 1    | (key bytes not available)
      2014/11/28 15:03:38 | INFO   | jvm 1    | Server MAC write Secret:
      2014/11/28 15:03:38 | INFO   | jvm 1    | (key bytes not available)
      2014/11/28 15:03:38 | INFO   | jvm 1    | Client write key:
      2014/11/28 15:03:38 | INFO   | jvm 1    | (key bytes not available)
      2014/11/28 15:03:38 | INFO   | jvm 1    | Server write key:
      2014/11/28 15:03:38 | INFO   | jvm 1    | (key bytes not available)
      2014/11/28 15:03:38 | INFO   | jvm 1    | ... no IV derived for this protocol
      2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-300, WRITE: TLSv1.1 Handshake, length = 81
      2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-300, WRITE: TLSv1.1 Change Cipher Spec, length = 1
      2014/11/28 15:03:38 | INFO   | jvm 1    | *** Finished
      2014/11/28 15:03:38 | INFO   | jvm 1    | verify_data:  { 205, 73, 239, 162, 189, 111, 93, 112, 252, 191, 178, 72 }
      2014/11/28 15:03:38 | INFO   | jvm 1    | ***
      2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-300, WRITE: TLSv1.1 Handshake, length = 64
      2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-299, READ: TLSv1.1 Change Cipher Spec, length = 1
      2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-299, READ: TLSv1.1 Handshake, length = 64
      2014/11/28 15:03:38 | INFO   | jvm 1    | *** Finished
      2014/11/28 15:03:38 | INFO   | jvm 1    | verify_data:  { 19, 183, 83, 202, 63, 74, 163, 0, 247, 151, 206, 20 }
      2014/11/28 15:03:38 | INFO   | jvm 1    | ***
      2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-299 - /AuthServices/auth/tokens, WRITE: TLSv1.1 Application Data, length = 184
      2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-299 - /AuthServices/auth/tokens, WRITE: TLSv1.1 Application Data, length = 2987
      2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-299, WRITE: TLSv1.1 Application Data, length = 5
      2014/11/28 15:03:38 | INFO   | jvm 1    | Allow unsafe renegotiation: false
      2014/11/28 15:03:38 | INFO   | jvm 1    | Allow legacy hello messages: true
      2014/11/28 15:03:38 | INFO   | jvm 1    | Is initial handshake: true
      2014/11/28 15:03:38 | INFO   | jvm 1    | Is secure renegotiation: false
      2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, READ: TLSv1.2 Handshake, length = 207
      2014/11/28 15:03:43 | INFO   | jvm 1    | *** ClientHello, TLSv1.2
      2014/11/28 15:03:43 | INFO   | jvm 1    | RandomCookie:  GMT: 1417167229 bytes = { 209, 207, 128, 77, 244, 126, 201, 133, 122, 149, 46, 174, 146, 131, 232, 171, 236, 114, 188, 239, 89, 136, 179, 55, 42, 35, 10, 208 }
      2014/11/28 15:03:43 | INFO   | jvm 1    | Session ID:  {}
      2014/11/28 15:03:43 | INFO   | jvm 1    | Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
      2014/11/28 15:03:43 | INFO   | jvm 1    | Compression Methods:  { 0 }
      2014/11/28 15:03:43 | INFO   | jvm 1    | Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
      2014/11/28 15:03:43 | INFO   | jvm 1    | Extension ec_point_formats, formats: [uncompressed]
      2014/11/28 15:03:43 | INFO   | jvm 1    | Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
      2014/11/28 15:03:43 | INFO   | jvm 1    | ***
      2014/11/28 15:03:43 | INFO   | jvm 1    | %% Initialized:  [Session-136, SSL_NULL_WITH_NULL_NULL]
      2014/11/28 15:03:43 | INFO   | jvm 1    | %% Negotiating:  [Session-136, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
      2014/11/28 15:03:43 | INFO   | jvm 1    | *** ServerHello, TLSv1.2
      2014/11/28 15:03:43 | INFO   | jvm 1    | RandomCookie:  GMT: 1417167223 bytes = { 117, 144, 129, 63, 132, 34, 26, 83, 118, 25, 122, 135, 116, 24, 242, 213, 196, 31, 25, 127, 155, 153, 6, 132, 244, 45, 21, 235 }
      2014/11/28 15:03:43 | INFO   | jvm 1    | Session ID:  {84, 120, 65, 119, 78, 220, 0, 216, 29, 255, 202, 86, 198, 210, 97, 121, 235, 184, 87, 232, 34, 43, 85, 29, 148, 43, 201, 241, 189, 70, 130, 185}
      2014/11/28 15:03:43 | INFO   | jvm 1    | Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      2014/11/28 15:03:43 | INFO   | jvm 1    | Compression Method: 0
      2014/11/28 15:03:43 | INFO   | jvm 1    | Extension renegotiation_info, renegotiated_connection: <empty>
      2014/11/28 15:03:43 | INFO   | jvm 1    | ***
      2014/11/28 15:03:43 | INFO   | jvm 1    | Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      2014/11/28 15:03:43 | INFO   | jvm 1    | *** Certificate chain
      2014/11/28 15:03:43 | INFO   | jvm 1    | chain [0] = [
      2014/11/28 15:03:43 | INFO   | jvm 1    | [
      2014/11/28 15:03:43 | INFO   | jvm 1    |   Version: V3
      2014/11/28 15:03:43 | INFO   | jvm 1    |   Subject: CN=dev-05.labs.blr.com, O=webserver
      2014/11/28 15:03:43 | INFO   | jvm 1    |   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
      2014/11/28 15:03:43 | INFO   | jvm 1    |
      2014/11/28 15:03:43 | INFO   | jvm 1    |   Key:  SunPKCS11-NSSfips RSA public key, 2048 bits (id 1, session object)
      2014/11/28 15:03:43 | INFO   | jvm 1    |   modulus: 19751124565775544542661601941034719218747286997557229376272410409764009924174952830102822006739940996361158891315994655677031683410457285645708620145915789088144941408425439122384306771006790672852952487887077643219829713631271285091822690455402307000211724434432943370113476924425722411995320247744734057517566666508974254720742261526685687656494544221796453195966155694205640019924093341684193258103280171653517687458035087335731929833587535142452049552301009807817546366586239918288540321429443922231821575519420587811789981092934767950075857907111279056051594689275813767976468618202672668356345198890748632149983
      2014/11/28 15:03:43 | INFO   | jvm 1    |   public exponent: 65537
      2014/11/28 15:03:43 | INFO   | jvm 1    |   Validity: [From: Tue Nov 25 14:37:52 IST 2014,
      2014/11/28 15:03:43 | INFO   | jvm 1    |                To: Thu Nov 01 14:37:52 IST 2114]
      2014/11/28 15:03:43 | INFO   | jvm 1    |   Issuer: CN=dev-05.labs.blr.com, O=webserver
      2014/11/28 15:03:43 | INFO   | jvm 1    |   SerialNumber: [    0d54f951]
      2014/11/28 15:03:43 | INFO   | jvm 1    |
      2014/11/28 15:03:43 | INFO   | jvm 1    | Certificate Extensions: 1
      2014/11/28 15:03:43 | INFO   | jvm 1    | [1]: ObjectId: 2.5.29.14 Criticality=false
      2014/11/28 15:03:43 | INFO   | jvm 1    | SubjectKeyIdentifier [
      2014/11/28 15:03:43 | INFO   | jvm 1    | KeyIdentifier [
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0000: 94 2D EB EF E8 04 5F 84   B2 BA F6 A5 C9 58 D3 79  .-...._......X.y
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0010: 44 8F 40 07                                        D.@.
      2014/11/28 15:03:43 | INFO   | jvm 1    | ]
      2014/11/28 15:03:43 | INFO   | jvm 1    | ]
      2014/11/28 15:03:43 | INFO   | jvm 1    |
      2014/11/28 15:03:43 | INFO   | jvm 1    | ]
      2014/11/28 15:03:43 | INFO   | jvm 1    |   Algorithm: [SHA256withRSA]
      2014/11/28 15:03:43 | INFO   | jvm 1    |   Signature:
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0000: 39 59 42 B8 26 F6 64 7E   CA C1 33 7C 60 6A FC 80  9YB.&.d...3.`j..
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0010: 5F AF 51 89 98 B7 AC 0C   27 DA A1 60 AD 5B 87 11  _.Q.....'..`.[..
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0020: D8 95 E3 37 D2 CB E3 8A   6F CF 82 F3 4C AA B6 42  ...7....o...L..B
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0030: F5 8B 67 0B D9 F2 3E FA   FE 81 C5 77 78 47 E2 61  ..g...>....wxG.a
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0040: 33 DC 97 CB FC 04 1D 99   18 84 C3 DC 28 8D 14 D7  3...........(...
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0050: AF 71 1C E6 41 FC D1 71   CB C3 50 66 5E 28 AF EB  .q..A..q..Pf^(..
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0060: AF 80 52 CC 89 BE 0D 0B   58 1C CA 1C 34 36 BA 96  ..R.....X...46..
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0070: F2 FE 18 73 6B F7 09 35   94 AC 8E CB F2 83 47 62  ...sk..5......Gb
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0080: 20 FD 64 64 72 D6 89 D7   77 A7 D0 17 43 7E FF 44   .ddr...w...C..D
      2014/11/28 15:03:43 | INFO   | jvm 1    | 0090: 57 B5 1D 27 24 1D F5 87   86 E9 29 EF DE E7 D2 2E  W..'$.....).....
      2014/11/28 15:03:43 | INFO   | jvm 1    | 00A0: 32 EE 3D 82 7C 53 7E 93   E9 5F 5E 9C 62 F5 31 C7  2.=..S..._^.b.1.
      2014/11/28 15:03:43 | INFO   | jvm 1    | 00B0: 9E 54 58 50 01 EE 58 18   81 6D 52 C0 EB CA CA 52  .TXP..X..mR....R
      2014/11/28 15:03:43 | INFO   | jvm 1    | 00C0: 26 CC 3C 9D E5 60 BE BE   A1 E6 D5 79 66 F9 0C FD  &.<..`.....yf...
      2014/11/28 15:03:43 | INFO   | jvm 1    | 00D0: BB 9E 36 E5 31 FC D4 68   8A 06 8D A0 0B 68 BA 2B  ..6.1..h.....h.+
      2014/11/28 15:03:43 | INFO   | jvm 1    | 00E0: 1E AF 51 4A 6C BC 2D 7D   B4 04 EA D6 DA 28 9B 64  ..QJl.-......(.d
      2014/11/28 15:03:43 | INFO   | jvm 1    | 00F0: F9 FF 35 7B E7 91 02 01   37 E7 C2 AA 8D 1E 48 22  ..5.....7.....H"
      2014/11/28 15:03:43 | INFO   | jvm 1    |
      2014/11/28 15:03:43 | INFO   | jvm 1    | ]
      2014/11/28 15:03:43 | INFO   | jvm 1    | ***
      2014/11/28 15:03:43 | INFO   | jvm 1    | *** ECDH ServerKeyExchange
      2014/11/28 15:03:43 | INFO   | jvm 1    | Signature Algorithm SHA512withRSA
      2014/11/28 15:03:43 | INFO   | jvm 1    | Server key: SunPKCS11-NSSfips EC public key, 256 bits (id 1668, session object)
      2014/11/28 15:03:43 | INFO   | jvm 1    |   public x coord: 22811020849167726801730368600918463139597169803826118722525163464343792847845
      2014/11/28 15:03:43 | INFO   | jvm 1    |   public y coord: 73886304187565809239631250457098470068449769526968865962213829575389354072377
      2014/11/28 15:03:43 | INFO   | jvm 1    |   parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
      2014/11/28 15:03:43 | INFO   | jvm 1    | *** ServerHelloDone
      2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, WRITE: TLSv1.2 Handshake, length = 1237
      2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, READ: TLSv1.2 Handshake, length = 70
      2014/11/28 15:03:43 | INFO   | jvm 1    | *** ECDHClientKeyExchange
      2014/11/28 15:03:43 | INFO   | jvm 1    | ECDH Public value:  { 4, 121, 116, 89, 85, 251, 91, 15, 91, 227, 244, 77, 243, 1, 197, 145, 33, 117, 182, 143, 76, 42, 19, 121, 131, 88, 88, 58, 225, 42, 50, 178, 100, 17, 18, 128, 220, 237, 192, 247, 67, 173, 13, 185, 114, 213, 250, 172, 58, 145, 158, 237, 115, 94, 129, 246, 254, 151, 126, 190, 182, 240, 45, 57, 62 }
      2014/11/28 15:03:43 | INFO   | jvm 1    | SESSION KEYGEN:
      2014/11/28 15:03:43 | INFO   | jvm 1    | PreMaster Secret:
      2014/11/28 15:03:43 | INFO   | jvm 1    | (key bytes not available)
      2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, handling exception: java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
      2014/11/28 15:03:43 | INFO   | jvm 1    | %% Invalidated:  [Session-136, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
      2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, SEND TLSv1.2 ALERT:  fatal, description = internal_error
      2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, WRITE: TLSv1.2 Alert, length = 2
      2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, called closeSocket()
      2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, IOException in getSession():  javax.net.ssl.SSLException: java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
      2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
      2014/11/28 15:03:43 | INFO   | jvm 1    | Fri Nov 28 15:03:43 IST 2014|WARNING|Thread-601|ccs.comp.clientproxy.ProxiedClientListener$ProxyConnection.run
      2014/11/28 15:03:43 | INFO   | jvm 1    |       Error processing requests from proxied client : unestablished
      2014/11/28 15:03:43 | INFO   | jvm 1    |       Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips (java.security.ProviderException); Root cause: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips (java.security.NoSuchAlgorithmException)
      2014/11/28 15:03:43 | INFO   | jvm 1    |       javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1476)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.AppInputStream.read(AppInputStream.java:92)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.AppInputStream.read(AppInputStream.java:69)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at java.io.DataInputStream.readByte(DataInputStream.java:265)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at ccs.comp.clientproxy.ProxiedClientListener$ProxyConnection.getNext(ProxiedClientListener.java:438)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at ccs.comp.clientproxy.ProxiedClientListener$ProxyConnection.run(ProxiedClientListener.java:245)
      2014/11/28 15:03:43 | INFO   | jvm 1    |       Caused by: javax.net.ssl.SSLException: java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1842)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1825)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1346)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:2171)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at ccs.comp.clientproxy.ProxiedClientListener.listen(ProxiedClientListener.java:126)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at ccs.comp.clientproxy.ProxiedClientListener.run(ProxiedClientListener.java:105)
      2014/11/28 15:03:43 | INFO   | jvm 1    |       Caused by: java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1060)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:999)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:234)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               ... 3 more
      2014/11/28 15:03:43 | INFO   | jvm 1    |       Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.jca.GetInstance.getService(GetInstance.java:100)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at javax.crypto.JceSecurity.getInstance(JceSecurity.java:109)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:287)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.JsseJce.getKeyGenerator(JsseJce.java:269)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1052)
      2014/11/28 15:03:43 | INFO   | jvm 1    |               ... 10 more
      


Recommended answer


    Since the server does not support TLS 1.2, I disabled TLS 1.2 on the client side.

    I could not figure out why the handshake fails "even after" disabling TLS 1.2 on the client side. Can you please help me with this?

And:

      ...
      2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, WRITE: TLSv1.2 Alert, length = 2
      2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, called closeSocket()
      

Just guessing, the PRF (pseudorandom function) in TLS 1.1 and earlier uses MD5 (and SHA1). The TLS 1.2 PRF uses the SHA2 family (IIRC). The library is probably being over-zealous with respect to MD5.

It's kind of like trying to get half-pregnant. How do you allow MD5 internally for one function, but not allow it on other functions and still pass a validation with a testing lab?

So you should try to work with the libraries and enable TLS 1.2.


    The client is a Java Swing based client application which is launched using Java Web Start.

I think the first step you should perform is drop the Java client that can't cope with TLS 1.2, and verify the server works as expected. That will give you a baseline of sorts.

You can use the following OpenSSL command to test the server with TLS 1.2 enabled:

      openssl s_client -tls1_2 -connect www.example.com:443 -servername www.example.com
      

You can also specify a specific cipher by using the -cipher option. For example, TLS_RSA_WITH_AES_128_CBC_SHA is AES128-SHA in OpenSSL:

      openssl s_client -tls1_2 -connect www.example.com:443 -servername www.example.com -cipher AES128-SHA
      

You can even fetch a page with something like (notice the addition of -ign_eof):

      echo -e "GET / HTTP/1.1\r\nHost:www.example.com\r\n\r\n" |  openssl s_client -ign_eof -tls1_2 -connect...

Java is pretty lame when it comes to TLS protocols and cipher suites prior to Java 8. Though available, TLS 1.1 and 1.2 are not enabled by default in Java 7 and earlier. You need to explicitly enable them.

In addition, Java sneaks in SSLv3 even when you don't ask for it. To see for yourself, try SSLContext.getInstance("TLS") and see if SSLv3 is an enabled protocol :)

You can see an example of enabling available protocols and cipher suites at Which Cipher Suites to enable for SSL Socket?

Interestingly, use of MD5 as a PRF in TLS is allowed by NIST. But it's a very specific exception. It's allowed because the PRF does not require the property of collision resistance - it just needs to extract entropy.

The following is from NIST's SP 800-135:


    The outputs from both P_MD5 and P_SHA-1 are XORed together to produce the PRF output. This PRF is used as both a randomness extraction step to generate the master secret and as a key expansion step to derive keying material for the protocol from the master secret.

    The TLS 1.0 and 1.1 KDF is approved when the following conditions are satisfied:
    (1) The TLS 1.0 and 1.1 KDF is performed in the context of the TLS protocol.
    (2) SHA-1 and HMAC are as specified in FIPSs 180-3 and 198-1, respectively.
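To turn the diagnosis above into a repeatable check, here is an added Java example (not from the question or the answer) that probes the configured provider for the SunTls12MasterSecret KeyGenerator named in the stack trace, prints what a plain "TLS" context enables by default (the answer's SSLv3 point), and pins a server socket to the versions the provider can actually key. It assumes the JSSE name SunTlsMasterSecret for the TLS 1.0/1.1 counterpart and defaults to the provider name SunPKCS11-NSSfips from the log; the class and method names are the example's own.

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

/**
 * The server log dies in Handshaker.calculateMasterSecret because the provider
 * has no KeyGenerator named "SunTls12MasterSecret". Probe for that service and
 * derive the protocol list the server may advertise from the result, instead
 * of relying on whatever the client happens to send.
 */
public class TlsProviderCheck {

    /** Master-secret generator JSSE requests for TLS 1.2 (name taken from the stack trace). */
    static final String TLS12_MASTER_SECRET = "SunTls12MasterSecret";
    /** Master-secret generator JSSE requests for TLS 1.0/1.1 (MD5 xor SHA-1 PRF); assumed name. */
    static final String TLS11_MASTER_SECRET = "SunTlsMasterSecret";

    /** True if the named provider can derive the given master-secret type. */
    static boolean providerSupports(String providerName, String algorithm) {
        try {
            KeyGenerator.getInstance(algorithm, providerName);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;   // the exception seen in the question's server log
        } catch (NoSuchProviderException e) {
            throw new IllegalStateException("provider not installed: " + providerName, e);
        }
    }

    /** Protocol versions a server backed by this provider can actually complete. */
    static String[] protocolsFor(String providerName) {
        if (providerSupports(providerName, TLS12_MASTER_SECRET)) {
            return new String[] {"TLSv1.2", "TLSv1.1"};
        }
        // Provider cannot key TLS 1.2: do not let JSSE offer it, or every
        // TLS 1.2 ClientHello ends in the internal_error alert from the log.
        return new String[] {"TLSv1.1"};
    }

    /** Lists the TLS key-derivation services a provider registers. */
    static void dumpTlsKeyGenerators(Provider p) {
        for (Provider.Service s : p.getServices()) {
            if ("KeyGenerator".equals(s.getType()) && s.getAlgorithm().startsWith("SunTls")) {
                System.out.println("  " + p.getName() + ": " + s.getAlgorithm());
            }
        }
    }

    /** The answer's SSLv3 point: what a plain "TLS" context enables by default. */
    static void dumpContextProtocols(SSLContext ctx) {
        System.out.println("supported: " + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("default:   " + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
    }

    public static void main(String[] args) throws Exception {
        // Provider under test: the one named in the log, or the first argument.
        String name = args.length > 0 ? args[0] : "SunPKCS11-NSSfips";
        Provider p = Security.getProvider(name);
        if (p == null) {
            System.out.println(name + " is not installed; listing all providers instead");
            for (Provider q : Security.getProviders()) {
                dumpTlsKeyGenerators(q);
            }
            return;
        }
        dumpTlsKeyGenerators(p);
        System.out.println("TLS 1.0/1.1 master secret: " + providerSupports(name, TLS11_MASTER_SECRET));
        System.out.println("TLS 1.2 master secret:     " + providerSupports(name, TLS12_MASTER_SECRET));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        dumpContextProtocols(ctx);

        // Pin the server socket to what the provider can key: no SSLv3, and
        // no TLS 1.2 unless SunTls12MasterSecret is present.
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            server.setEnabledProtocols(protocolsFor(name));
            System.out.println("enabled:   " + Arrays.toString(server.getEnabledProtocols()));
        }
    }
}
```

Run it under the server's JVM with the FIPS java.security configuration in place; on a workstation without the NSS provider it falls back to listing what the installed providers offer.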

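The answer's guess and the SP 800-135 quote describe two different PRFs; as an added example that is not part of the original answer, here are both derivations in Java, run on constructed inputs because the log printed "(key bytes not available)" for every secret. HmacMD5 appears only to show what the TLS 1.0/1.1 master-secret derivation needs; on a FIPS-restricted JVM that Mac may itself be unavailable, which is the point.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * The PRFs behind "SunTlsMasterSecret" and "SunTls12MasterSecret".
 * TLS 1.0/1.1 (RFC 2246/4346 section 5): P_MD5 over the first half of the
 * secret XOR P_SHA-1 over the second half.  TLS 1.2 (RFC 5246 section 5):
 * a single P_SHA256 over the whole secret, so MD5 is not involved at all.
 */
public class TlsPrf {

    /**
     * P_hash(secret, seed): A(0) = seed, A(i) = HMAC(secret, A(i-1)),
     * output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
     */
    static byte[] pHash(String hmacAlg, byte[] secret, byte[] seed, int length)
            throws GeneralSecurityException {
        Mac mac = Mac.getInstance(hmacAlg);
        mac.init(new SecretKeySpec(secret, hmacAlg));
        byte[] out = new byte[length];
        byte[] a = seed;
        int filled = 0;
        while (filled < length) {
            a = mac.doFinal(a);                 // A(i); doFinal resets the Mac
            mac.update(a);
            byte[] block = mac.doFinal(seed);   // HMAC(secret, A(i) + seed)
            int n = Math.min(block.length, length - filled);
            System.arraycopy(block, 0, out, filled, n);
            filled += n;
        }
        return out;
    }

    /** TLS 1.0/1.1 PRF: P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed). */
    static byte[] prfTls11(byte[] secret, String label, byte[] seed, int length)
            throws GeneralSecurityException {
        byte[] labelSeed = concat(label.getBytes(StandardCharsets.US_ASCII), seed);
        int half = (secret.length + 1) / 2;     // halves share a byte if the length is odd
        byte[] s1 = Arrays.copyOfRange(secret, 0, half);
        byte[] s2 = Arrays.copyOfRange(secret, secret.length - half, secret.length);
        byte[] out = pHash("HmacMD5", s1, labelSeed, length);
        byte[] sha1 = pHash("HmacSHA1", s2, labelSeed, length);
        for (int i = 0; i < length; i++) {
            out[i] ^= sha1[i];
        }
        return out;
    }

    /** TLS 1.2 PRF: P_SHA256(secret, label + seed); the only hash is SHA-256. */
    static byte[] prfTls12(byte[] secret, String label, byte[] seed, int length)
            throws GeneralSecurityException {
        byte[] labelSeed = concat(label.getBytes(StandardCharsets.US_ASCII), seed);
        return pHash("HmacSHA256", secret, labelSeed, length);
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] r = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, r, a.length, b.length);
        return r;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) {
            sb.append(String.format("%02x", x));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed inputs: the log shows "(key bytes not available)", so nothing
        // here comes from the question. Real values are 48 + 32 + 32 random bytes.
        byte[] preMaster = new byte[48];
        Arrays.fill(preMaster, (byte) 0x42);
        byte[] clientRandom = new byte[32];
        Arrays.fill(clientRandom, (byte) 0x01);
        byte[] serverRandom = new byte[32];
        Arrays.fill(serverRandom, (byte) 0x02);
        byte[] seed = concat(clientRandom, serverRandom);

        // master_secret = PRF(pre_master_secret, "master secret",
        //                     ClientHello.random + ServerHello.random)[0..47]
        System.out.println("TLS 1.1 master secret: " + hex(prfTls11(preMaster, "master secret", seed, 48)));
        System.out.println("TLS 1.2 master secret: " + hex(prfTls12(preMaster, "master secret", seed, 48)));
    }
}
```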
