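Getting handshake errors on a Grails front-end application that communicates with an API that has been upgraded to TLS 1.1

Time: 2018-05-31 10:02:42

Tags: tomcat grails tls1.2

The API server previously supported TLS 1.0, and everything worked fine. After it stopped supporting 1.0, these errors started to appear -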

 Remote host closed connection during handshake
[08:50:16.593] [] ERROR UserProfileService         :200  - wslite.rest.RESTClientException: Remote host closed connection during handshake
[08:50:16.593] [] ERROR UserProfileService         :200  - null

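In our local setup, we run the Grails application directly from Eclipse with the run-app command. To fix the TLS problem there, we added a jvmArgs setting to the application configuration file BuildConfig.groovy, and it worked -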

grails.project.fork = [
    // configure settings for the run-app JVM
    run: [maxMemory: 768, minMemory: 64, debug: false, maxPerm: 256, forkReserve:false,jvmArgs: ['-Dhttps.protocols=TLSv1.1']],
]

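On the sandbox server, we run the application by deploying the war file on a Tomcat server. We tried adding the same configuration change to the war property in the configuration file, but it did not work -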

grails.project.fork = [
    // configure settings for the run-war JVM
    war: [maxMemory: 768, minMemory: 64, debug: false, maxPerm: 256, forkReserve:false,jvmArgs: ['-Dhttps.protocols=TLSv1.1']],
]

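We then also specified the same setting in the Tomcat configuration, but still without success. Here is the catalina log, showing that Tomcat is picking up the updated TLS configuration -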

INFO: CATALINA_HOME:         /opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.config.file=/opt/tomcat7-cpp2/conf/logging.properties
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dhttps.protocol=TLSv1.1,TLSv1.2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.endorsed.dirs=/opt/tomcat7-cpp2/endorsed
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.base=/opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.home=/opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.io.tmpdir=/opt/tomcat7-cpp2/temp
May 31, 2018 8:49:18 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib

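However, we are unable to confirm whether the application is also reading the updated TLS configuration defined for the war property.

Any help or pointers would be much appreciated.

1 answer:

Answer 0: (score: 0)

It looks like there is a typo in your Tomcat configuration: you specified -Dhttps.protocol=TLSv1.1,TLSv1.2. The correct system variable is https.protocols (with an s).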
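A check for the typo described in the answer, as an added example that is not part of the original question or answer: it scans the "Command line argument" lines of a catalina log and flags `-D` names that are near misses of TLS client properties the JDK reads, as well as unknown protocol names in the value. The function name, the property selection and the 0.85 similarity cutoff are choices made for this example.

```python
import difflib
import re

# TLS client system properties the JDK reads (a selection chosen for this example).
KNOWN_TLS_PROPS = ["https.cipherSuites", "https.protocols", "jdk.tls.client.protocols"]
# Standard JSSE protocol names.
VALID_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}

# Matches the "Command line argument: -Dname=value" lines Tomcat logs at startup.
ARG_RE = re.compile(r"Command line argument: -D([^=\s]+)=(\S*)")


def audit_jvm_args(log_text):
    """Return (property, problem) tuples for TLS-related -D arguments in a catalina log."""
    findings = []
    for name, value in ARG_RE.findall(log_text):
        if name in KNOWN_TLS_PROPS:
            if name.endswith("protocols"):
                bad = [p for p in value.split(",") if p not in VALID_PROTOCOLS]
                if bad:
                    findings.append((name, "unknown protocol name(s): " + ",".join(bad)))
            continue
        # Not a property the JDK reads: flag it if it is a near miss of one that is.
        close = difflib.get_close_matches(name, KNOWN_TLS_PROPS, n=1, cutoff=0.85)
        if close:
            findings.append((name, "not read by the JDK; did you mean " + close[0] + "?"))
    return findings


# Lines copied from the catalina log in the question.
QUESTION_LOG = """\
INFO: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
INFO: Command line argument: -Dhttps.protocol=TLSv1.1,TLSv1.2
INFO: Command line argument: -Dcatalina.base=/opt/tomcat7-cpp2
"""
# Constructed lines: the corrected name, and a correct name with a misspelled value.
FIXED_LOG = "INFO: Command line argument: -Dhttps.protocols=TLSv1.1,TLSv1.2\n"
BAD_VALUE_LOG = "INFO: Command line argument: -Dhttps.protocols=TLS1.1\n"

if __name__ == "__main__":
    for label, text in [("question", QUESTION_LOG), ("fixed", FIXED_LOG),
                        ("bad value", BAD_VALUE_LOG)]:
        print(label, audit_jvm_args(text))
```

A clean result only shows that the property name and value are well formed on the command line; whether the HTTP client in the application honours it still has to be confirmed by a successful handshake against the API.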