我在使用Java的SSLEngine时遇到了一个小问题。我用它在客户端和服务器之间创建SSL连接。这不是基于Web的应用程序。
我正在为我的产品开发人员创建一个框架,以便在客户端和服务器之间进行通信。根据他们的配置,我必须创建连接。如果需要加密,我必须创建一个加密通道并将其提供给它们;如果没有,我只需创建一个没有加密但带有消息摘要的SSL通道,因此我需要启用的密码套件是SSL_RSA_WITH_NULL_MD5。
如果需要加密,我将使用SSL_RSA_WITH_<some encryption algo>_SHA/MD5。
我可以配置第二个......但是无法配置SSL_RSA_WITH_NULL_MD5。消息No cypher suites in common给了我一个例外。我用来开发它的框架是Netty(jboss-netty)。
任何人都可以帮我解决这个问题吗?
code ::
public static ChannelFuture doHandshake(Channel channel,boolean isServer){
if (isServer) {
SSLEngine engine = SslContextFactory.getServerContext().createSSLEngine();
engine.setUseClientMode(false);
//engine.setWantClientAuth(true);
engine.setNeedClientAuth(true);
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
String[] enabledSuites = engine.getEnabledCipherSuites();
//String[] sdf = engine.getSupportedCipherSuites();
engine.setEnabledCipherSuites(getWantedCyphers(enabledSuites, true));
engine.setEnableSessionCreation(true);
channel.getPipeline().addFirst(SSL_SERVER_HANDLER_NAME, new SslHandler(engine));
SslHandler sslHandler = (SslHandler) channel.getPipeline().get(SSL_SERVER_HANDLER_NAME);
sslHandler.setEnableRenegotiation(true);
return sslHandler.handshake();
} else {
SSLEngine engine = SslContextFactory.getClientContext().createSSLEngine();
engine.setUseClientMode(true);
engine.setEnableSessionCreation(true);
//engine.setWantClientAuth(true);
//engine.setNeedClientAuth(true);
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
String[] enabledSuites=engine.getEnabledCipherSuites();
//String[] sdf=engine.getSupportedCipherSuites();
engine.setEnabledCipherSuites(getWantedCyphers(enabledSuites,true));
channel.getPipeline().addFirst(SSL_CLIENT_HANDLER_NAME, new SslHandler(engine));
SslHandler sslHandler = (SslHandler) channel.getPipeline().get(SSL_CLIENT_HANDLER_NAME);
sslHandler.setEnableRenegotiation(true);
return sslHandler.handshake();
}
}
public static String[] getWantedCyphers(String[] enabledSuites,boolean isEnabled) {
List<String> wantedCyphers = new LinkedList<String>();
String[] finalEnabledCyphers = null;
if (!isEnabled) {
finalEnabledCyphers = new String[1];
finalEnabledCyphers[0] = "SSL_RSA_WITH_NULL_MD5";
return finalEnabledCyphers;
}
String configFilePath = TestConstants.CONFIG_FILE;
ConfigSAXParser configParser = new ConfigSAXParser();
<OurOwnConfigClass>config = null;
try {
config = (<OurOwnConfigClass>(configParser.parseFile(configFilePath));
} catch (SAXParserException spe){
}
<ourOwnConfigSubClass> communicationConfig = config.getCommunicationConfig();
String[] requestedCyphers = communicationConfig.getEncryptionAlgorithms();
for (int i=0;i<requestedCyphers.length;i++){
requestedCyphers[i] = "SSL_RSA_WITH_"+requestedCyphers[i]+"_SHA";
}
List<String> stList = new LinkedList<String>();
for (int i=0;i<enabledSuites.length;i++) {
stList.add(enabledSuites[i]);
}
for (int j=0;j<requestedCyphers.length;j++) {
if (stList.contains(requestedCyphers[j])) {
wantedCyphers.add(requestedCyphers[j]);
}
}
Object[] strings = wantedCyphers.toArray();
finalEnabledCyphers = new String[strings.length];
for (int k=0;k<strings.length;k++) {
finalEnabledCyphers[k] = (String)strings[k];
}
return finalEnabledCyphers;
}
答案 0 :(得分:1)
您是否已将其添加到启用的密码套件中?
答案 1 :(得分:1)
“no cipher suites in common”消息表明服务器不接受Client Hello消息中的任何密码套件。这更是如此,因为您尝试使用不执行任何数据加密的空密码套件。默认情况下,大多数服务器不支持null密码套件,您必须明确启用它。