在提供商禁用SSLv3并且我不明白为什么之后,我们针对www1.ecall.ch的JDK 7的CXF调用开始失败。通过设置-Dhttps.protocols=TLSv1解决了这个问题,但我很惊讶这甚至是必要的。
JDK 7/8支持所有SSLv2Hello(2),SSLv3,TLSv1,TLSv1.1和TLSv1.2以及我期待
这里是设置-Dhttps.protocols=TLSv1之前SSL调试日志的相关部分,即使用JVM默认值(我在开头切断了所有证书的列表):
trigger seeding of SecureRandom
done seeding SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(180000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
%% No cached client session
*** ClientHello, SSLv3
RandomCookie: GMT: 1403944475 bytes = { 12, 68, 193, 229, 85, 79, 86, 211, 209, 34, 251, 218, 184, 7, 51, 93, 180, 144, 114, 70, 105, 252, 31, 61, 151, 188, 165, 177 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: www1.ecall.ch]
***
[write] MD5 and SHA1 hashes: len = 205
0000: 01 00 00 C9 03 00 54 AE 7E 1B 0C 44 C1 E5 55 4F ......T....D..UO
0010: 56 D3 D1 22 FB DA B8 07 33 5D B4 90 72 46 69 FC V.."....3]..rFi.
0020: 1F 3D 97 BC A5 B1 00 00 4C C0 09 C0 13 00 2F C0 .=......L...../.
0030: 04 C0 0E 00 33 00 32 C0 07 C0 11 00 05 C0 02 C0 ....3.2.........
0040: 0C C0 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 00 ................
0050: 04 00 FF 00 09 00 15 00 12 00 03 00 08 00 14 00 ................
0060: 11 00 20 00 24 00 1F 00 23 00 1E 00 22 00 28 00 .. .$...#...".(.
0070: 2B 00 26 00 29 01 00 00 54 00 0A 00 34 00 32 00 +.&.)...T...4.2.
0080: 17 00 01 00 03 00 13 00 15 00 06 00 07 00 09 00 ................
0090: 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 ................
00A0: 10 00 11 00 02 00 12 00 04 00 05 00 14 00 08 00 ................
00B0: 16 00 0B 00 02 01 00 00 00 00 12 00 10 00 00 0D ................
00C0: 77 77 77 31 2E 65 63 61 6C 6C 2E 63 68 www1.ecall.ch
main, WRITE: SSLv3 Handshake, length = 205
[write] MD5 and SHA1 hashes: len = 179
0000: 01 03 00 00 8A 00 00 00 20 00 C0 09 06 00 40 00 ........ .....@.
0010: C0 13 00 00 2F 00 C0 04 01 00 80 00 C0 0E 00 00 ..../...........
0020: 33 00 00 32 00 C0 07 05 00 80 00 C0 11 00 00 05 3..2............
0030: 00 C0 02 00 C0 0C 00 C0 08 00 C0 12 00 00 0A 07 ................
0040: 00 C0 00 C0 03 02 00 80 00 C0 0D 00 00 16 00 00 ................
0050: 13 00 00 04 01 00 80 00 00 FF 00 00 09 06 00 40 ...............@
0060: 00 00 15 00 00 12 00 00 03 02 00 80 00 00 08 00 ................
0070: 00 14 00 00 11 00 00 20 00 00 24 00 00 1F 00 00 ....... ..$.....
0080: 23 00 00 1E 00 00 22 00 00 28 00 00 2B 00 00 26 #....."..(..+..&
0090: 00 00 29 54 AE 7E 1B 0C 44 C1 E5 55 4F 56 D3 D1 ..)T....D..UOV..
00A0: 22 FB DA B8 07 33 5D B4 90 72 46 69 FC 1F 3D 97 "....3]..rFi..=.
00B0: BC A5 B1 ...
main, WRITE: SSLv2 client hello message, length = 179
[Raw write]: length = 181
0000: 80 B3 01 03 00 00 8A 00 00 00 20 00 C0 09 06 00 .......... .....
0010: 40 00 C0 13 00 00 2F 00 C0 04 01 00 80 00 C0 0E @...../.........
0020: 00 00 33 00 00 32 00 C0 07 05 00 80 00 C0 11 00 ..3..2..........
0030: 00 05 00 C0 02 00 C0 0C 00 C0 08 00 C0 12 00 00 ................
0040: 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00 00 16 ................
0050: 00 00 13 00 00 04 01 00 80 00 00 FF 00 00 09 06 ................
0060: 00 40 00 00 15 00 00 12 00 00 03 02 00 80 00 00 .@..............
0070: 08 00 00 14 00 00 11 00 00 20 00 00 24 00 00 1F ......... ..$...
0080: 00 00 23 00 00 1E 00 00 22 00 00 28 00 00 2B 00 ..#....."..(..+.
0090: 00 26 00 00 29 54 AE 7E 1B 0C 44 C1 E5 55 4F 56 .&..)T....D..UOV
00A0: D3 D1 22 FB DA B8 07 33 5D B4 90 72 46 69 FC 1F .."....3]..rFi..
00B0: 3D 97 BC A5 B1 =....
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Broken pipe
main, called closeSocket()
main, called close()
main, called closeInternal(true)
[...upper part of stacktrace...]
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
[...remaining part of stacktrace...]
如果我做对了,JVM首先尝试SSLv3 Handshake然后尝试SSLv2 client hello message,然后再使用TLSv1。
但是,当我尝试使用TLS作为唯一支持的协议时,它为什么会尝试TLSv1失败呢?服务器(IIS 8.5)是否尝试进行套接字连接跳过的非常规握手?
答案 0 :(得分:7)
JVM(更准确地说是JSSE)不会自上而下尝试。它遵循RFC (包括SSLv2 ClientHello的附录)并发送一个 ClientHello,说明支持的最高版本,并且服务器可以回复任何小于或等于该版本的版本。如果服务器认为我们的最高值太低,它会完全拒绝握手。如果服务器(暂时)接受我们认为太低的版本(或者想跳过,但那很愚蠢),我们就会中止握手。这是"退回"的常见浏览器行为。导致POODLE的较低协议(参见许多问题)。
在这种情况下,出现javax.net.debug跟踪会产生误导。如果启用了SSLv2Hello - 默认情况下是在Java6中,而不是在Java7中,那么您是否在某处更改了它? - JSSE显然会显示并说'#34; WRITE"对于SSLv3 +(新格式)hello和SSLv2(映射旧格式)hello,它实际上只发送后者,(@Steffen)由openssl s_server确认。
很明显,如果没有https.protocol更改,您的客户端将发送SSLv2格式hello,服务器将拒绝它。这不是必须的:技术上可以使用SSLv2 格式来协商TLSv1.0甚至更高,例如OpenSSL可以这样做,但它不是一个好主意;自2001年以来,SSLv2 协议已被摒弃为已知的不安全因素,并且在2011年被RFC 6176正式禁止,而SSLv2 格式你好不支持扩展,包括那些ECC的半需求,1.2的sigalgs,以及(如@Steffen所述)许多网络服务器现在需要或想要的SNI。服务器的配置很可能禁止SSLv3也具有禁止SSLv2 格式的效果,这将是我的赌注,如果是这样,它是最好的。
此外:您的代码(或可能是库)中出现的内容正在启用所有或几乎所有受支持的密码。这是一个坏主意。你的hello提供多年来一直不安全的单DES套件,永远不安全的导出套件,以及在Internet上完全无用的Kerberos套件,包括无用的和的Kerberos导出套件完全没有安全感。一个体面的服务器不会同意这些,但如果您碰巧连接到配置错误或不正常的服务器,您将获得明显成功的连接,除非您密切监控,否则不会发现它是不安全的。