满足https://netty.io/news/2018/10/30/4-1-31-Final.html中提到的所有要求:
该TLSv1.3默认情况下未启用,因此,如果要使用它,则需要在配置SslContextBuilder时通过使用TLSv1.3显式启用它(例如): SslContextBuilder.forClient()。protocols(“ TLSv1.3”)....
但是我遇到了如下异常:
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at com.taobao.hsf.io.netty.common.tls.NettyHandShakeHandler.channelRead0(NettyHandShakeHandler.java:80)
at com.taobao.hsf.io.netty.common.tls.NettyHandShakeHandler.channelRead0(NettyHandShakeHandler.java:24)
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:648)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:583)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:500)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:454)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:897)
at com.taobao.hsf.io.netty.util.PooledThreadFactory$PooledByteBufRunnable.run(PooledThreadFactory.java:37)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1194)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1155)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1226)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1269)
at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:216)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1297)
at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1211)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1245)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441)
... 22 more
对此有什么想法吗?
答案 0 :(得分:1)
这是正确的方法,但是在这种情况下,仅启用TLSv1.3,这意味着如果服务器仅支持TLSv1.2,则握手将失败。通常,您不只希望支持TLSv1.3,还希望支持另一种协议,例如TLSV1.2。
SslContextBuilder.forClient().protocols("TLSv1.3", "TLSv.1.2");
答案 1 :(得分:0)
Netty 4.1.52-最终版本默认支持TLSv1.3,refer here了解更多信息。