个人中心
gpt4 book ai didi

java - 使用 IBM JDK 6 启用 ECDHE 密码

转载 作者:太空宇宙 更新时间:2023-11-03 13:05:33 25 4
gpt4 key购买 nike

使用 IBM Rational® Software Architect for WebSphere 软件版本:9.0.0.1 和 JDK 6

尝试将 ECDHE 密码添加到运行时环境。在 https://www.ibm.com/support/knowledgecenter/SSYKE2_6.0.0/com.ibm.java.security.component.60.doc/security-component/jsse2Docs/ciphersuites.html ,IBM 说“第二个列表显示了 IBMJSSE 提供程序支持的 (ECDHE) 密码套件,但默认情况下禁用”。

我可以将 ClientHello 更改为 TLSv1.0、TLSv1.1 或 TLSv1.3,但始终会返回相同的密码套件。它们都不是 ECDHE。

如果有人知道如何启用 ECDHE 密码,将不胜感激。

这是控制台输出。

    SSLContextImpl:  Using X509ExtendedKeyManager com.ibm.jsse2.hd
    SSLContextImpl:  Using X509TrustManager com.ibm.jsse2.pc
    JsseJCE:  Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.2
    trigger seeding of SecureRandom
    done seeding SecureRandom
    instantiated an instance of class com.ibm.jsse2.SSLSocketFactoryImpl
    IBMJSSE2 will not enable CBC protection
    IBMJSSE2 to send SCSV Cipher Suite on initial ClientHello
    JsseJCE:  Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.2
    JsseJCE:  Using cipher AES/CBC/NoPadding from provider TBD via init 
    CipherBox:  Using cipher AES/CBC/NoPadding from provider from init IBMJCE version 1.2
    IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
    IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
    IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default

    Is initial handshake: true
    %% No cached client session
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: 1503070341 bytes = { 152, 50, 18, 78, 108, 96, 63, 98, 44, 14, 255, 58, 89, 161, 90, 194, 150, 17, 22, 60, 58, 30, 156, 194, 83, 148, 201, 11 }
    Session ID:  {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RENEGO_PROTECTION_REQUEST]
    Compression Methods:  { 0 }
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA256withDSA, SHA1withDSA, MD5withRSA
    ***
    main, WRITE: TLSv1.2 Handshake, length = 121
    main, READ: TLSv1.2 Alert, length = 2
    main, RECV TLSv1 ALERT:  fatal, handshake_failure
    main, called closeSocket()
    main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.ibm.jsse2.o.a(o.java:8)
        at com.ibm.jsse2.o.a(o.java:4)
        at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:40)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:554)
        at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:223)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:724)
        at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:81)
        at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:8)
        at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:20)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1207)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:390)
        at com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:36)
        at Java6withHostHeader.main(Java6withHostHeader.java:94)

最佳答案

在所有回复者的帮助下,我才弄明白了这一点。首先,我使用此代码列出所有可用的密码,确认所需的 ECDHE 密码已安装但未启用,它给出了每个密码的正确拼写 - https://confluence.atlassian.com/stashkb/files/679609085/679772359/1/1414093373406/Ciphers.java然后在 IDE 中,我在 Run Configurations/VM Arguments 下设置了以下值并且它起作用了。 -Dhttps.protocols="TLSv1.1"-Dhttps.cipherSuites="SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA、SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 等。"

谢谢大家的帮助

关于java - 使用 IBM JDK 6 启用 ECDHE 密码,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49037706/

25 4 0
文章推荐: r - 有没有办法使用 R 将文件写入使用 SSL 的 FTP 服务器?
文章推荐: android - 如何使用 Post 方法使用 HttpClient?
文章推荐: android - 需要一个Android xmpp 聊天客户端来配置openfire!
文章推荐: python - ssl.SSLZeroReturnError : TLS/SSL connection has been closed (EOF) (_ssl. c:661)
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com