Can't establish TLSv1.2 connection from OpenJDK8 to database server

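I'm on OpenJDK 1.8 (installed via Homebrew on macOS) and am having trouble connecting to my database server from my Payara 4.1.2.181 connection pool. The error message is at the bottom, but first I'll show my configuration.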

$ ./bin/java -version
openjdk version "1.8.0_372"
OpenJDK Runtime Environment (build 1.8.0_372-bre_2023_04_25_03_16-b00)
OpenJDK 64-Bit Server VM (build 25.372-b00, mixed mode)
$ nmap --script ssl-enum-ciphers -p 1433 dbserver
Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-31 22:25 EDT
Nmap scan report for dbserver
Host is up (0.062s latency).

PORT     STATE SERVICE
1433/tcp open  ms-sql-s
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.1: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C

Nmap done: 1 IP address (1 host up) scanned in 9.63 seconds

Cipher suites available in the JDK:

import java.util.*;
import java.security.*;
import javax.net.ssl.*;

public class AvailableCipherSuites {

    public static void main(String[] args) throws Exception {

        // If an argument is present, then remove the
        // jdk.tls.disabledAlgorithms restrictions and
        // print all implemented cipher suites. 
        if (args.length != 0) {
            Security.setProperty("jdk.tls.disabledAlgorithms", "");
        }

        SSLContext sslc = SSLContext.getDefault();
        SSLSocketFactory sslf = sslc.getSocketFactory();
        SSLSocket ssls = (SSLSocket) sslf.createSocket();

        // Use the diamond operator instead of raw ArrayList types.
        ArrayList<String> protocols = new ArrayList<>(
                Arrays.asList(ssls.getEnabledProtocols()));
        ArrayList<String> enabled = new ArrayList<>(
                Arrays.asList(ssls.getEnabledCipherSuites()));

        ArrayList<String> supported = new ArrayList<>(
                Arrays.asList(ssls.getSupportedCipherSuites()));
        supported.removeAll(enabled);
        System.out.println(System.getProperty("java.version"));
        System.out.println("Enabled by Default Cipher Suites");
        System.out.println("--------------------------------");
        protocols.stream().forEach(System.out::println);
        System.out.println("--------------------------------");
        enabled.stream().forEach(System.out::println);

        System.out.println();

        System.out.println("Not Enabled by Default Cipher Suites");
        System.out.println("------------------------------------");
        supported.stream().forEach(System.out::println);
    }
}
1.8.0_372
Enabled by Default Cipher Suites
--------------------------------
TLSv1.3
TLSv1.2
TLSv1.1
TLSv1
SSLv3
--------------------------------
TLS_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Not Enabled by Default Cipher Suites
------------------------------------

MS JDBC driver mssql-jdbc-11.2.0.jre8:

SSLProtocol=TLSv1.2
Encrypt=False

Result:

SEVERE:   javax.net.ssl|SEVERE|81|admin-thread-pool::admin-listener(2)|2023-05-31 22:37:18.751 EDT|TransportContext.java:323|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: No negotiable cipher suite
    at sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:538)
    at sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:510)
    at sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:112)
    at sun.security.ssl.TransportContext.kickstart(TransportContext.java:238)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:433)
    at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1795)
)

SEVERE:   javax.net.ssl|FINE|81|admin-thread-pool::admin-listener(2)|2023-05-31 22:37:18.752 EDT|SSLSocketImpl.java:1615|close the underlying socket

SEVERE:   javax.net.ssl|FINE|81|admin-thread-pool::admin-listener(2)|2023-05-31 22:37:18.753 EDT|SSLSocketImpl.java:1634|close the SSL connection (initiative)

WARNING:   RAR8054: Exception while creating an unpooled [test] connection for pool [ MY_DATABASE ], Connection could not be allocated because: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "No negotiable cipher suite". ClientConnectionId:a9f6b85c-072b-4be1-9b43-6038f5937673
SEVERE:   RestResponse.getResponse() gives FAILURE.  endpoint =  http://localhost:5858/management/domain/resources/ping-connection-pool.json ; attrs =  {id=MY_DATABASE} 

The following can also be found in the log when the server starts up:


SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.742 EDT|SSLCipher.java:487|Transformation RC4 is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.743 EDT|SSLCipher.java:487|Transformation DES/CBC/NoPadding is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.743 EDT|SSLCipher.java:487|Transformation RC4 is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.744 EDT|SSLCipher.java:487|Transformation DES/CBC/NoPadding is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.750 EDT|SSLCipher.java:487|Transformation DESede/CBC/NoPadding is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.751 EDT|SSLCipher.java:487|Transformation AES/CBC/NoPadding is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.751 EDT|SSLCipher.java:487|Transformation AES/CBC/NoPadding is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.752 EDT|SSLCipher.java:487|Transformation AES/GCM/NoPadding is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.753 EDT|SSLCipher.java:487|Transformation AES/GCM/NoPadding is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.755 EDT|SSLCipher.java:487|Transformation AES/GCM/NoPadding is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.755 EDT|SSLCipher.java:487|Transformation AES/GCM/NoPadding is not available.

SEVERE:   javax.net.ssl|FINE|99|Thread-17|2023-05-31 22:40:24.756 EDT|SSLCipher.java:438|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
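
An added diagnostic, not part of the original question: it probes the cipher transformations that the server startup log above reports as "not available" and intersects this JVM's TLSv1.2 suites with the ones nmap listed for the database server. The class name is hypothetical, and running it with the same JVM options and classpath as the application server is an assumption of this example.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import java.util.*;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

public class TlsClientDiagnostics {  // hypothetical name, not from the question
    // TLSv1.2 suites the server offered in the nmap output on this page.
    static final List<String> SERVER_TLS12 = Arrays.asList(
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA");

    // Transformations named in the "is not available" log lines.
    static final String[] TRANSFORMATIONS = {
        "AES/GCM/NoPadding", "AES/CBC/NoPadding", "DESede/CBC/NoPadding"};

    /** Name of the provider that serves a transformation, or null if none does. */
    static String providerFor(String transformation) {
        try {
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (GeneralSecurityException e) {
            return null;
        }
    }

    /** Suites enabled for a TLSv1.2 context in this JVM that the server also lists. */
    static List<String> negotiable(List<String> serverSuites) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        List<String> common = new ArrayList<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        common.retainAll(serverSuites);
        return common;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        for (Provider p : Security.getProviders()) System.out.println("provider: " + p);
        for (String t : TRANSFORMATIONS) {
            String name = providerFor(t);
            System.out.println(t + " -> " + (name == null ? "NOT AVAILABLE" : name));
        }
        negotiable(SERVER_TLS12).forEach(s -> System.out.println("negotiable: " + s));
    }
}
```

Comparing the output of a plain `java` run with a run under the application server's JVM settings shows whether the provider list or the disabled-algorithm policy differs between the two environments.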

Answers

No answers yet