Why does a Java SSL socket connection fail hard if the server doesn't support SSLv3?

Marcel Stör

After the provider of www1.ecall.ch disabled SSLv3, our CXF calls running on JDK 7 started to fail, and I don't understand why. The problem was solved by setting -Dhttps.protocols=TLSv1, but I'm surprised that this is even necessary.

JDK 7/8 support all of SSLv2Hello(2), SSLv3, TLSv1, TLSv1.1 and TLSv1.2, and I would have expected

  1. the JVM to try top-down during the handshake, i.e. to start with TLSv1.2 first, and
  2. to be able to establish a connection even if the server doesn't support SSLv3

Here is the relevant part of the SSL debug log before setting -Dhttps.protocols=TLSv1, i.e. with the JVM defaults (I cut off the listing of all the certificates at the beginning):

trigger seeding of SecureRandom
done seeding SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(180000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
%% No cached client session
*** ClientHello, SSLv3
RandomCookie:  GMT: 1403944475 bytes = { 12, 68, 193, 229, 85, 79, 86, 211, 209, 34, 251, 218, 184, 7, 51, 93, 180, 144, 114, 70, 105, 252, 31, 61, 151, 188, 165, 177 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: www1.ecall.ch]
***
[write] MD5 and SHA1 hashes:  len = 205
0000: 01 00 00 C9 03 00 54 AE   7E 1B 0C 44 C1 E5 55 4F  ......T....D..UO
0010: 56 D3 D1 22 FB DA B8 07   33 5D B4 90 72 46 69 FC  V.."....3]..rFi.
0020: 1F 3D 97 BC A5 B1 00 00   4C C0 09 C0 13 00 2F C0  .=......L...../.
0030: 04 C0 0E 00 33 00 32 C0   07 C0 11 00 05 C0 02 C0  ....3.2.........
0040: 0C C0 08 C0 12 00 0A C0   03 C0 0D 00 16 00 13 00  ................
0050: 04 00 FF 00 09 00 15 00   12 00 03 00 08 00 14 00  ................
0060: 11 00 20 00 24 00 1F 00   23 00 1E 00 22 00 28 00  .. .$...#...".(.
0070: 2B 00 26 00 29 01 00 00   54 00 0A 00 34 00 32 00  +.&.)...T...4.2.
0080: 17 00 01 00 03 00 13 00   15 00 06 00 07 00 09 00  ................
0090: 0A 00 18 00 0B 00 0C 00   19 00 0D 00 0E 00 0F 00  ................
00A0: 10 00 11 00 02 00 12 00   04 00 05 00 14 00 08 00  ................
00B0: 16 00 0B 00 02 01 00 00   00 00 12 00 10 00 00 0D  ................
00C0: 77 77 77 31 2E 65 63 61   6C 6C 2E 63 68           www1.ecall.ch
main, WRITE: SSLv3 Handshake, length = 205
[write] MD5 and SHA1 hashes:  len = 179
0000: 01 03 00 00 8A 00 00 00   20 00 C0 09 06 00 40 00  ........ .....@.
0010: C0 13 00 00 2F 00 C0 04   01 00 80 00 C0 0E 00 00  ..../...........
0020: 33 00 00 32 00 C0 07 05   00 80 00 C0 11 00 00 05  3..2............
0030: 00 C0 02 00 C0 0C 00 C0   08 00 C0 12 00 00 0A 07  ................
0040: 00 C0 00 C0 03 02 00 80   00 C0 0D 00 00 16 00 00  ................
0050: 13 00 00 04 01 00 80 00   00 FF 00 00 09 06 00 40  ...............@
0060: 00 00 15 00 00 12 00 00   03 02 00 80 00 00 08 00  ................
0070: 00 14 00 00 11 00 00 20   00 00 24 00 00 1F 00 00  ....... ..$.....
0080: 23 00 00 1E 00 00 22 00   00 28 00 00 2B 00 00 26  #....."..(..+..&
0090: 00 00 29 54 AE 7E 1B 0C   44 C1 E5 55 4F 56 D3 D1  ..)T....D..UOV..
00A0: 22 FB DA B8 07 33 5D B4   90 72 46 69 FC 1F 3D 97  "....3]..rFi..=.
00B0: BC A5 B1                                           ...
main, WRITE: SSLv2 client hello message, length = 179
[Raw write]: length = 181
0000: 80 B3 01 03 00 00 8A 00   00 00 20 00 C0 09 06 00  .......... .....
0010: 40 00 C0 13 00 00 2F 00   C0 04 01 00 80 00 C0 0E  @...../.........
0020: 00 00 33 00 00 32 00 C0   07 05 00 80 00 C0 11 00  ..3..2..........
0030: 00 05 00 C0 02 00 C0 0C   00 C0 08 00 C0 12 00 00  ................
0040: 0A 07 00 C0 00 C0 03 02   00 80 00 C0 0D 00 00 16  ................
0050: 00 00 13 00 00 04 01 00   80 00 00 FF 00 00 09 06  ................
0060: 00 40 00 00 15 00 00 12   00 00 03 02 00 80 00 00  .@..............
0070: 08 00 00 14 00 00 11 00   00 20 00 00 24 00 00 1F  ......... ..$...
0080: 00 00 23 00 00 1E 00 00   22 00 00 28 00 00 2B 00  ..#....."..(..+.
0090: 00 26 00 00 29 54 AE 7E   1B 0C 44 C1 E5 55 4F 56  .&..)T....D..UOV
00A0: D3 D1 22 FB DA B8 07 33   5D B4 90 72 46 69 FC 1F  .."....3]..rFi..
00B0: 3D 97 BC A5 B1                                     =....
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Broken pipe
main, called closeSocket()
main, called close()
main, called closeInternal(true)
[...upper part of stacktrace...]
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:196)
    at java.net.SocketInputStream.read(SocketInputStream.java:122)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
    at sun.security.ssl.InputRecord.read(InputRecord.java:480)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
[...remaining part of stacktrace...]

If I'm not mistaken, the JVM first tries an SSLv3 Handshake and then an SSLv2 client hello message before falling back to TLSv1.

But why does it fail after trying TLSv1, when it works if I enable TLS as the only supported protocol? Does the server (IIS 8.5) attempt some unconventional handshake that makes the socket connection drop?

dave_thompson_085

The JVM (more precisely, JSSE) doesn't try top-down. It follows the RFC (including the appendix on the SSLv2 ClientHello) and sends one ClientHello declaring the highest version it supports; the server may reply with any version less than or equal to that. If the server considers our highest version too low, it simply rejects the handshake. If the server (tentatively) accepts a version that we consider too low (or want to skip, but that would be silly), we abort the handshake. The common browser behaviour of "falling back" to a lower protocol is what led to POODLE (see the many questions about it).

The javax.net.debug trace is misleading in this case. If SSLv2Hello is enabled (it is enabled by default in Java 6 but not in Java 7; did you change it somewhere?), JSSE apparently displays both the SSLv3+ (new-format) hello and the SSLv2 (mapped to old-format) hello and says "WRITE" for both, but it actually sends only the latter, as confirmed with openssl s_server.

So clearly, without the https.protocol change, your client sends an SSLv2-format hello and the server rejects it. That isn't strictly necessary: technically an SSLv2-format hello can be used to negotiate TLSv1.0 or even higher, and OpenSSL for example can do this, but it's not a good idea. The SSLv2 protocol has been recognised as insecure since 2001 and was officially prohibited by RFC 6176 in 2011, and an SSLv2-format hello cannot carry extensions, including the extension semi-required by ECC, sigalgs in 1.2, and (as @Steffen noted) SNI, which many web servers today need or want. It is quite likely that the server configuration that disabled SSLv3 also disabled the SSLv2 format; that would be my choice, and if so, it is the best option.

Also: your code (or possibly the library) appears to be enabling all or nearly all of the supported ciphers, which is a bad idea. In your hello you get the Single-DES suites that have been insecure for years, the export suites that were never secure, and the Kerberos suites that are completely useless on the Internet, including the useless AND totally insecure Kerberos export suites. A decent server won't agree to these, but if you happen to connect to a misconfigured or bad server you will get an apparently successful connection that is insecure in a way you won't notice unless you monitor very carefully.
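As an added illustration of the answer's point about the misleading trace and the SSLv2-format hello (example code, not from the question or the answer): this Python snippet decodes the bytes of the question's "[Raw write]: length = 181" dump as an SSLv2-format CLIENT-HELLO. It shows that what actually went on the wire is a 2-byte SSLv2 record header (high bit set, length 179) carrying version 3.0 and 46 three-byte cipher specs, namely the 38 TLS suites listed in the SSLv3 hello plus 8 SSLv2-only cipher kinds, in a format that has no field for extensions such as SNI. The function names are mine.

```python
import struct

# Bytes copied verbatim from the question's "[Raw write]: length = 181" dump.
RAW_WRITE = bytes.fromhex("""
80 B3 01 03 00 00 8A 00 00 00 20 00 C0 09 06 00
40 00 C0 13 00 00 2F 00 C0 04 01 00 80 00 C0 0E
00 00 33 00 00 32 00 C0 07 05 00 80 00 C0 11 00
00 05 00 C0 02 00 C0 0C 00 C0 08 00 C0 12 00 00
0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00 00 16
00 00 13 00 00 04 01 00 80 00 00 FF 00 00 09 06
00 40 00 00 15 00 00 12 00 00 03 02 00 80 00 00
08 00 00 14 00 00 11 00 00 20 00 00 24 00 00 1F
00 00 23 00 00 1E 00 00 22 00 00 28 00 00 2B 00
00 26 00 00 29 54 AE 7E 1B 0C 44 C1 E5 55 4F 56
D3 D1 22 FB DA B8 07 33 5D B4 90 72 46 69 FC 1F
3D 97 BC A5 B1
""")


def record_format(first_byte):
    """SSLv2 record headers set the high bit of a 2-byte length field;
    SSLv3/TLS records start with a content-type byte (0x16 = handshake)."""
    if first_byte & 0x80:
        return "SSLv2"
    return "SSLv3/TLS" if first_byte == 0x16 else "unknown"


def parse_v2_client_hello(raw):
    """Parse an SSLv2-format CLIENT-HELLO (layout per RFC 5246 Appendix E.2)."""
    if record_format(raw[0]) != "SSLv2":
        raise ValueError("not an SSLv2 record")
    rec_len = struct.unpack(">H", raw[:2])[0] & 0x7FFF
    body = raw[2:]
    if len(body) != rec_len:
        raise ValueError("record length does not match data")
    msg_type, major, minor, cs_len, sid_len, chal_len = struct.unpack(">BBBHHH", body[:9])
    if msg_type != 1 or cs_len % 3 or 9 + cs_len + sid_len + chal_len != rec_len:
        raise ValueError("malformed CLIENT-HELLO")
    specs = [body[9 + i:9 + i + 3] for i in range(0, cs_len, 3)]
    sid_start = 9 + cs_len
    return {
        "record_length": rec_len,
        "version": (major, minor),  # highest version the client offers
        # Zero first byte wraps a 2-byte SSLv3/TLS suite id; non-zero is a native SSLv2 kind.
        "tls_suites": [s[1:].hex() for s in specs if s[0] == 0],
        "v2_only_specs": [s.hex() for s in specs if s[0] != 0],
        "session_id": body[sid_start:sid_start + sid_len].hex(),
        "challenge_len": chal_len,
    }
```

Comparing the 38 wrapped suite ids with the "Cipher Suites:" line of the SSLv3 ClientHello in the trace confirms that the two "WRITE" entries describe the same hello in two encodings, of which only the second reached the socket.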
