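I have an application on Tomcat 8.5.8. I have an Apache 2.4 web server in front of the Tomcat server. I configured Apache with SSL, TLS 1.2 and the cipher suite: SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128".
Now, when I try to make an HttpsURLConnection call to a servlet in my application, it throws the following exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
I think that ideally the HttpsURLConnection code should not have to enable any cipher suites specifically. Please advise.
I am using JDK 1.8.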
Answer 0 (score: 0)
I replaced the Apache configuration entry above
SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
with the following
SSLCipherSuite "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:kEDH+AESGCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:AES256:AES128:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
It works fine. There was absolutely no change to the client code.
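A way to check the client side of this handshake before widening the server's list, as an added example that is not part of the original question or answer: it prints the cipher suites the JVM enables by default and which of them the original policy (HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128) would still accept. The class name `CipherOverlapCheck` and the name-based filter are assumptions; the filter only approximates OpenSSL's cipher-string matching using JSSE suite names.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

public class CipherOverlapCheck {
    // Approximation (assumption) of HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128
    // expressed against JSSE suite names instead of OpenSSL names.
    static boolean allowedByOriginalPolicy(String suite) {
        if (suite.endsWith("_SCSV")) {
            return false; // signalling value, not a real cipher suite
        }
        String[] excluded = {"_anon_", "_NULL_", "MD5", "3DES", "_DES_",
                             "RC4", "CAMELLIA", "AES_128"};
        for (String marker : excluded) {
            if (suite.contains(marker)) {
                return false;
            }
        }
        return true;
    }

    // Client suites that the original server policy would still negotiate.
    static List<String> overlap(String[] clientSuites) {
        List<String> usable = new ArrayList<>();
        for (String suite : clientSuites) {
            if (allowedByOriginalPolicy(suite)) {
                usable.add(suite);
            }
        }
        return usable;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Suites HttpsURLConnection offers when the code enables nothing itself.
        String[] enabled = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        System.out.println("java.version       : " + System.getProperty("java.version"));
        // 128 means the limited crypto policy is active, so no AES-256 suites are offered.
        System.out.println("max AES key length : " + Cipher.getMaxAllowedKeyLength("AES"));
        System.out.println("enabled suites     : " + enabled.length);
        List<String> usable = overlap(enabled);
        usable.forEach(s -> System.out.println("  shared: " + s));
        System.out.println(usable.isEmpty()
            ? "No shared suite: the server answers with handshake_failure."
            : "At least one shared suite: look for the failure elsewhere.");
    }
}
```

Run it with the same JDK that Tomcat uses; an empty shared list means the client and the restricted server policy have nothing in common, which can be resolved on the client (a JDK that offers AES-256 suites) rather than by re-enabling weaker suites on the server.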