最重要的是,我无法更新我的史前JDK,这是不可能的。 我必须使用JDK 1.4.2_19,因为它是非solaris平台上Weblogic 8.1支持的最新JDK,我无法更新应用程序服务器(升级或迁移过于昂贵)。
所以我试图在JDK 1.4.2_19下用以下代码建立一个SSL连接(它只是一个测试类):
System.setProperty("https.proxyHost", proxyHost);
System.setProperty("https.proxyPort", ""+proxyPort);
URL url = new URL (request);
SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
SSLContext context = SSLContext.getInstance("SSL");
context.init(null, trustManager, new SecureRandom()); // bypass certificate
SSLSocketFactory sf = context.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(sf);
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setSSLSocketFactory(sf);
connection.setHostnameVerifier(new TrustAllHostNameVerifier ()); // bypass certificate
connection.setRequestMethod("GET");
connection.setDoOutput(true);
InputStream content = (InputStream)connection.getInputStream();
BufferedReader in = new BufferedReader (new InputStreamReader (content));
String line;
while ((line = in.readLine()) != null) {
System.out.println(line);
}
此代码产生以下错误:
main, handling exception: java.lang.ArrayIndexOutOfBoundsException: 64
main, SEND TLSv1 ALERT: fatal, description = internal_error
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:620)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA12275)
at xxx.test(TestJava14.java:162)
at xxx.TestJava14.main(TestJava14.java:85)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 64
at com.sun.net.ssl.internal.ssl.SunJSSE_bf.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_bf.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.c(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
... 8 more
经过数小时研究这个错误,我试图没有成功:
将BouncyCastleProvider与代码一起使用 Security.addProvider(new BouncyCastleProvider()); 并在java.security中使用 security.provider.2 = org.bouncycastle.jce.provider.BouncyCastleProvider
使用旧WAS服务器中的ibmjsseprovider(lib ibmjsseprovider2.jar) security.provider.2 = com.ibm.jsse2.IBMJSSEProvider2但不能与sun JDK一起使用,我得到异常:IBMJSSEProvider2 Build-Level:-20040601 java.lang.RuntimeException:导出限制:仅限SunJSSE
在java.security中禁用DHE算法: jdk.tls.disabledAlgorithms = DHE
强制应该正常工作的密码套件(无限制的策略文件已成功安装): String [] cipherSuites = {“TLS_RSA_WITH_AES_256_CBC_SHA”}; ss.setEnabledCipherSuites(密码组); (事实上,我也尝试了JSSE参考指南http://depinfo.u-bourgogne.fr/doc/j2sdk-1.4.3/guide/security/jsse/JSSERefGuide.html中提供的所有密码套件)