java - SSL 引擎 : TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 不支持指定的密码

Question

当使用 ssl 调试启动 Tomcat 时，我收到以下警告。

2014 年 2 月 3 日上午 5:02:34 org.apache.tomcat.util.net.jsse.JSSESocketFactory getEnableableCiphers警告:SSL 引擎不支持指定的密码:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

我在 java.security 文件中将 bouncycaSTLe 设置为加密提供程序并将 jar 复制到 java_home/lib/ext

我的 HTTPS 连接器配置中有以下内容。

密码="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" 协议(protocol)="org.apache.coyote.http11.Http11NioProtocol"

Java 版本:1.6

由于这个错误 - 我也无法通过浏览器连接到服务器

感谢任何帮助..

Answer 1

这个问题的一个解决方案是 posted here :

I figured out what the problem was. It was not related to tomcat configuration, but to my keystore. The reason is that once you import a client certificate under the same alias as the private pair, they both get merged under the same alias inside keystore. Using keytool -delete command, meant to remove the certificate only, deletes the private pair as well. I noticed that once I dumped keystore content for my keystore and a keystore on one of my other servers. Luckily, I had a backup of the keystore I made right after it was created. Importing the certificates into that keystore resolved the issue.