我们已经使用Open Liberty Web配置文件8构建了一个Docker映像,并且当前对salesforce API的HTTPS出站调用失败,并且从日志中似乎仅启用了TLSV1,并且从所有阅读中来看,似乎需要使用TLSV1.2已启用。我是Open Linberty的新手,我不知道该怎么做。在My Server.xml文件中,我具有以下条目:-
<keyStore id="defaultKeyStore" password="Liberty"/>
<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL_TLSv2"/>
但是即使在那之后,我仍然遇到错误,并且HTTPS调用失败:-
phx.salesforceliveagent.com/136.147.100.1:443 with timeout 0
2019-04-29T23:05:08.840527853Z 2019-04-29 23:05:08.839 DEBUG 1 --- [cutor-thread-16] o.a.h.c.ssl.SSLConnectionSocketFactory : Enabled protocols: [TLSv1]
2019-04-29T23:05:08.848027084Z 2019-04-29 23:05:08.845 DEBUG 1 --- [cutor-thread-16] o.a.h.c.ssl.SSLConnectionSocketFactory : Enabled cipher suites:[SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_RSA_WITH_AES_256_CBC_SHA256, SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384, SSL_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_AES_128_CBC_SHA256, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256, SSL_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_RSA_WITH_AES_256_GCM_SHA384, SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384, SSL_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_AES_128_GCM_SHA256, SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256, SSL_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_DHE_DSS_WITH_AES_128_GCM_SHA256]
2019-04-29T23:05:08.852594802Z 2019-04-29 23:05:08.851 DEBUG 1 --- [cutor-thread-16] o.a.h.c.ssl.SSLConnectionSocketFactory : Starting handshake
2019-04-29T23:05:08.905209219Z [err] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2019-04-29T23:05:09.063121768Z [err] at com.ibm.jsse2.k.a(k.java:42)
2019-04-29T23:05:09.067062984Z [err] at com.ibm.jsse2.k.a(k.java:37)
2019-04-29T23:05:09.098532614Z [err] at com.ibm.jsse2.av.b(av.java:549)
2019-04-29T23:05:09.101687527Z [err] at com.ibm.jsse2.av.a(av.java:715)
我不确定如何解决handhake_failure问题?有帮助吗?
更新04/30/2019:-已解决:-开发团队在此修复了代码,以确保强制执行TSLv1.2,目前已为我们解决了该问题。感谢Alasdair提供的关于创建jvm.options文件和创建用于设置为TLSv1.2的环境变量的想法,以防万一将来有人遇到麻烦时可以这么做。
UPDATE 05.01 / 2019-> IBM的Alasdir和Brian S Paskin也帮助了我使用jvm.options文件,它看起来应该像这样:-
-Dhttps.protocols=TLSv12
-Djdk.tls.client.protocols=TLSv12
-Dhttps.protocols=TLSv12
-Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12
万一有人想走这条路。
答案 0 :(得分:0)
对于绊倒这个问题及其答案的任何人, 答案中有一种。缺少一个点,这将禁用所有TLS通信(取决于您的JDK / JRE)。
func customTextField (xco: CGFloat, yco: CGFloat, widthLength: CGFloat, heightLength: CGFloat, printSize: CGFloat) {
let passWordTextField = UITextField(frame: CGRect(x: xco, y: yco, width: widthLength, height: heightLength ))
let fontSize = CGFloat (printSize)
passWordTextField.placeholder = "Enter text here" //set placeholder text
passWordTextField.font = UIFont.systemFont(ofSize: fontSize) // set font size of text field
//passWordTextField.borderStyle = UITextField.BorderStyle.init(rawValue: 30)!
passWordTextField.layer.cornerRadius = 30.0
// passWordTextField.borderStyle = UITextField.BorderStyle.roundedRect
passWordTextField.autocorrectionType = UITextAutocorrectionType.no
passWordTextField.keyboardType = UIKeyboardType.default
passWordTextField.returnKeyType = UIReturnKeyType.done
passWordTextField.clearButtonMode = UITextField.ViewMode.whileEditing
passWordTextField.contentVerticalAlignment = UIControl.ContentVerticalAlignment.center
passWordTextField.delegate = self as? UITextFieldDelegate
self.view.addSubview(passWordTextField)
如果您不想为旧版服务器禁用TLSv1.1,则可以使用以下方法:
-Dhttps.protocols=TLSv1.2
-Djdk.tls.client.protocols=TLSv1.2
-Dhttps.protocols=TLSv1.2
-Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv1.2
最后一个设置在IBM J9 VM和Eclipse OpenJ9 VM上尤其重要。您可以从appendopenjdk.net获得这些文件(以防万一)。