错误消息 “ 客户端偏好不接受服务器选中的协议版本 TLS10 ”
原标题:Error message "The server selected protocol version TLS10 is not accepted by client preferences"
I am trying to run this JNLP file on Windows 10 to connect to a server (actually, I am connecting to a dedicated server via KVM over IPMI (IPKVM) or whatever it is called, so I can install a new operating system).
I am getting error
The server selected protocol version TLS10 is not accepted by client preferences.
Is there something I need to do in Java client to fix the error?
问题回答
Go to folder C:Program Files (x86)Javajre1.8.0_291libsecurity.
In file java.security, find option jdk.tls.disabledAlgorithms and delete TLSv1.
It appears that the latest update of Java 11 has disabled TLS 1.0 and TLS 1.1.
Here is the detailed documentation on how to enable it again: TLS 1.0/1.1 changes in OpenJDK and Amazon Corretto
Apparently, I was caught in this issue because of a JDK update today and had hard time finding it. This can help.
The first thing to do: Go to folder C:Program FilesJavajre1.8.0_291libsecurity. In the java.security file, find option jdk.tls.disabledAlgorithms and delete TLSv1.
If it still doesn t work, make sure that the line:
deployment.security.TLSv1=true
exists in file C:UsersJavaUserAppDataLocalLowSunJavaDeploymentdeployment.properties.
Don t update to Java 11. Nowadays TLS 1.0 is outdated. The sites using TLS 1.0 and TLS 1.1 certificates for encryption will be marked as insecure in browsers.
So better to update the Transport Layer Security (TLS) version in SQL Server.
Please follow the pages:
Connect to SQL Server TLS 1.2 using DbVisualizer and SSMS
KB3135244 - TLS 1.2 support for Microsoft SQL Server
You can set it in JRE inside SoapUI (if you are using it): Remove "TLSv1, TLSv1.1" from "jdk.tls.disabledAlgorithms" property in file ${soapui_home}/jre/conf/securityjava.security.
I know this is a Windows 10 related question, but just in case somebody is looking for an answer. I found this helpful hint here.
For RedHat based JVMs (e.g. Docker image registry.redhat.io/ubi8/openjdk-11-runtime) you have to remove TLSv1 from the property jdk.tls.disabledAlgorithms in:
/etc/crypto-policies/back-ends/java.config
as modifying the java.security file alone, will not solve the issue.
Go to Control Panel, Program. Click on Java (Java control Panel), go to Advanced, scroll down and check TLS 1.0 and TLS 1.1.
Close your program and start it again.
If you are using eclipse first check the path of jre used by eclipse. For knowing the path of JRE used by eclipse you can follow the below steps. (project>properties>java build path> libraries).
click on JRE system library>edit>installed JREs
Now it will display the path of JRE currently used by eclipse.
Go to JRE>conf>security and open java.security file and remove TLSv1 from the property jdk.tls.disabledAlgorithms
the solution look the video for java 11
The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]
https://www.youtube.com/watch?v=ynEQM-W8RkU
I had this issue recently, it was because I was trying to connect to an old version of Microsoft SQL Server (2012, ver. 11.00.3156) using the latest versión of the SQL Server JDBC Driver (ver. 12.2.0) with a newer versión JDK (ver. 11.0.15).
It happens because newer versión of JDK by default dissable some old security algorithms like TLSv1.0 (in favor of newer like TLSv1.2/TLSv1.3) which the old SQL Server is requiring as security algorithm.
To solve the issue I changed the JDBC driver to an older version 8.2.2 and I had to pass some java security VM options to the JDK to override some security configs and remove TLSV1.0 from the disabled algorithms
VM options to pass to JDK
-Djdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
(note that TLSv1.0 and TLSv1.1 are removed from the original JDK list)
Doing that I managed to successfully connect to the old SQL Server 2012. Hope this help you
On Linux but, Java being cross platform, I believe the main options I used still apply. I had the same errors as OP and an additional one about a self-signed jar. I ve revised this based on the easier method from this answer. To use the tool to connect and install/manage the OS:
I first downloaded an old JDK and saved it in its own location (/usr/local/lib/jvm/jre1.8.0_x/ where x is the actual version number), without adding it to $PATH. I didn t want the outdated version to be used by default for anything.
Within that JRE directory base, I copied lib/security/java.security to lib/security/java-old-tls.security, so the defaults remain untouched for reference. I opened the latter for editing and deleted the old TLS versions from the list in jdk.tls.disabledAlgorithms, and saved.
I ran /usr/local/lib/jvm/jre1.8.0_x/bin/javaws -viewer, then Esc d out of the cache viewer dialogue, to show the main settings dialogue behind it. I added the servers to the Exception Site List under the Security tab, e.g. https://10.24.12.6/, then enabled the old TLS versions at the bottom of the Advanced tab and clicked OK.
I then ran the following command to execute the downloaded .jnlp. The environment variable is set inline so it s used only for that one run rather than using a global setting or affecting the entire shell. In Windows, you probably have to set that environment variable separately, which would affect all subsequent invocations of java, javaws, etc. in that running shell, but the values should be the similar.
_JAVA_OPTIONS= -Djava.security.properties=/usr/local/lib/jvm/jre1.8.0_x/lib/security/java-old-tls.security /usr/local/lib/jvm/jre1.8.0_x/bin/javaws jviewer.jnlp
This causes Java to show warning dialogues rather than blocking the app from loading entirely.