我正在尝试使用一些自定义SSL密码套件.特别是我的清单是
<util:list id="ciphers" value-type="java.lang.String"> <value>DHE-RSA-AES256-SHA</value> <value>DHE-DSS-AES256-SHA</value> <value>DHE-RSA-CAMELLIA256-SHA</value> <value>DHE-DSS-CAMELLIA256-SHA</value> <value>AES256-SHA</value> <value>CAMELLIA256-SHA</value> <value>SSL_RSA_WITH_RC4_128_MD5</value> <---this is the only one working <value>PSK-AES256-CBC-SHA</value> <value>EDH-RSA-DES-CBC3-SHA</value> <value>EDH-DSS-DES-CBC3-SHA</value> <value>DES-CBC3-SHA</value> <value>PSK-3DES-EDE-CBC-SHA</value> <value>DHE-RSA-AES128-SHA</value> <value>DHE-DSS-AES128-SHA</value> <value>DHE-RSA-CAMELLIA128-SHA</value> <value>DHE-DSS-CAMELLIA128-SHA</value> <value>AES128-SHA</value> <value>CAMELLIA128-SHA</value> <value>PSK-AES128-CBC-SHA</value> </util:list>
,由Spring初始化并传递给方法
tlsClientParameters.setCipherSuites()
不幸的是我的客户端无法连接到我创建的存根服务器.我得到的例外是:
Caused by: java.lang.IllegalArgumentException: Unsupported ciphersuite DHE-RSA-AES256-SHA at com.sun.net.ssl.internal.ssl.CipherSuite.valueOf(CipherSuite.java:171) at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(CipherSuiteList.java:62) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:1977) at org.apache.cxf.transport.https.SSLSocketFactoryWrapper.enableCipherSuites(SSLSocketFactoryWrapper.java:101) at org.apache.cxf.transport.https.SSLSocketFactoryWrapper.createSocket(SSLSocketFactoryWrapper.java:71) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:372) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:883) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1394) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1336) at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42) at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1414) ... 41 more
当我尝试逐个删除密码套件时,每次都会使用不同的密码出现相同的异常,直到只剩下SSL_RSA_WITH_RC4_128_MD5.这是唯一似乎有效的方法.
我看一下How to control the SSL ciphers available to Tomcat似乎是一个相同的问题,但我没有空格.
编辑:作为旁注,我的系统在Java 1.5上运行可能是这个java版本不支持这些密码吗?如果没有,有没有办法绕过这个?
更新:我们迁移到Java 7,我仍然遇到同样的问题.我认为它与下面的一个答案有关,它们说这些不是密码的标准名称,因此不被java识别.如果是这种情况,我如何找到这些密码的标准名称?
解决方法
Could it be that these ciphers are just not supported at this java version?
当然.可用的密码套件已记录在案.见Standard Names document.
If not,is there a way around this?
除非您能找到支持它们的其他实现,否则不会.