- iOS/Objective-C 元类和类别
- objective-c - -1001 错误,当 NSURLSession 通过 httpproxy 和/etc/hosts
- java - 使用网络类获取 url 地址
- ios - 推送通知中不播放声音
我们正在尝试将 WSO2 BPS 中的 TLS 1.0 升级到 TLS 1.2 版本。使用此链接升级 TLS 最新版本的过程如下 Reference Link From WSO2我们的 JAVA 应用程序在 JDK 1.8 中运行。
打开 <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml
文件。
删除了 sslProtocol="TLS"属性并将其替换为sslEnabledProtocols="TLSv1.2"如下所示。
> <Connector SSLEnabled="true" port="9443"
> protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
> secure="true" server="WSO2 Carbon Server"
> sslEnabledProtocols="TLSv1.2"
> svns:secretAlias="Server.Service.Connector.keystorePass"/>
java -jar TestSSLServer.jar localhost 9443
并将 TLS 配置响应仅作为 TLSv1.2,Supported versions: TLSv1.2
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
TLSv1.2
DHE_RSA_WITH_AES_128_CBC_SHA
DHE_RSA_WITH_AES_256_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA256
DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
----------------------
Server certificate(s):
501fc1432d87155dc431382aeb843ed558ad61b1: CN=localhost, O=WSO2, L=Mountain View, ST=CA, C=US
----------------------
Minimal encryption strength: strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)
BEAST status: protected
CRIME status: protected
我们改变了 jre/lib/security/java.security
根据 @user7294900操作说明。当我们在那个 java.security 文件中设置配置时,我们在 wso2BPMN 中遇到这个错误消息。但是我们可以通过握手失败通知在 Wireshark 捕获中查看 TLS 版本 1.2。
Wso2BPMN,
Caused by: org.apache.commons.mail.EmailException: Sending the email to the following server failed : smtp.office365.com:587
at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1398)
at org.apache.commons.mail.Email.send(Email.java:1423)
at org.activiti.engine.impl.bpmn.behavior.MailActivityBehavior.execute(MailActivityBehavior.java:102)
... 192 more
Caused by: javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1420)
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1408)
at com.sun.mail.smtp.SMTPTransport.ehlo(SMTPTransport.java:847)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:384)
at javax.mail.Service.connect(Service.java:297)
at javax.mail.Service.connect(Service.java:156)
at javax.mail.Service.connect(Service.java:105)
at javax.mail.Transport.send0(Transport.java:168)
at javax.mail.Transport.send(Transport.java:98)
at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1388)
... 194 more
那么,TLSv1.2版本升级需要什么配置吗?
最佳答案
set the
jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, TLSv1, TLSv1.1
in the file jre/lib/security/java.security on the server.
同时尝试将密码减少为 @Dimtri suggested
set ciphers that are supported only by TLSv1.2
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
关于java - 如何在 wso2product 上将 TLS 1.0 升级到 TLS 1.2,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57359283/
我正在使用 Siddhi [1] 的 Java 库,并且注意到检索和处理由 Siddhi 运行时生成的事件有相当大的延迟。尽管两个Siddhi事件可能具有时间差为X秒的Siddhi事件时间戳,但是在接
我阅读了网站上提供的文档,但没有太多关于如何连接到服务器并从 java 访问其 CEP 功能的信息。例如,它接受 POJO 作为事件模型还是只是 xml?我们可以从 Java 创建事件模型和查询吗?如
我是一名优秀的程序员,十分优秀!