最近,需要写一个支持 TLS 加密通讯的转发程序。
采用 Netty 框架。
客户端一方提出,需要使用采用 TLS_RSA_WITH_AES_256_CBC_SHA256 的 ciphersuite 进行加密。
于是,在 Netty 中设置,
- private final String[] CIPHERSUITES = {"TLS_RSA_WITH_AES_256_CBC_SHA256"} ;
- ........
-
- SSLEngine engine = context.createSSLEngine() ;
- ........
- engine.setEnabledCipherSuites(CIPHERSUITES);
以上代码运行,会出现以下的异常:
- [WARN][2016-03-31 14:26:34,259][io.netty.channel.ChannelInitializer]Failed to initialize a channel. Closing: [id: 0xa2bfcce4, /0:0:0:0:0:0:0:1:61998 => /0:0:0:0:0:0:0:1:4443]
- java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA256 with currently installed providers
- at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
- at sun.security.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:2038)
- at com.ratta.service.TLSChannelInitializer.initChannel(TLSChannelInitializer.java:65)
- at com.ratta.service.TLSChannelInitializer.initChannel(TLSChannelInitializer.java:1)
- at io.netty.channel.ChannelInitializer.channelRegistered(ChannelInitializer.java:69)
- at io.netty.channel.ChannelHandlerInvokerUtil.invokeChannelRegisteredNow(ChannelHandlerInvokerUtil.java:32)
- at io.netty.channel.DefaultChannelHandlerInvoker.invokeChannelRegistered(DefaultChannelHandlerInvoker.java:50)
- at io.netty.channel.PausableChannelEventExecutor.invokeChannelRegistered(PausableChannelEventExecutor.java:56)
- at io.netty.channel.AbstractChannelHandlerContext.fireChannelRegistered(AbstractChannelHandlerContext.java:345)
- at io.netty.channel.DefaultChannelPipeline.fireChannelRegistered(DefaultChannelPipeline.java:843)
- at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:519)
- at io.netty.channel.AbstractChannel$AbstractUnsafe.access$100(AbstractChannel.java:422)
- at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:492)
- at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:328)
- at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354)
- at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116)
- at io.netty.util.internal.chmv8.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1412)
- at io.netty.util.internal.chmv8.ForkJoinTask.doExec(ForkJoinTask.java:280)
- at io.netty.util.internal.chmv8.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:877)
- at io.netty.util.internal.chmv8.ForkJoinPool.scan(ForkJoinPool.java:1706)
- at io.netty.util.internal.chmv8.ForkJoinPool.runWorker(ForkJoinPool.java:1661)
- at io.netty.util.internal.chmv8.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:126)
经过查询相关资料,可以通过以下办法解决问题。
1.
到 http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
下载 JDK 1.6 对应的 JCE 包。
到 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
下载 JDK 1.7 对应的 JCE 包。
到 http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
下载 JDK 1.8 对应的 JCE 包。
2.
将 JCE 包解压,得到两个 local_policy.jar 和 US_export_policy.jar 两个 JAR 包。
3.
将 local_policy.jar 和 US_export_policy.jar 替换到 %JAVA_HOME%/jre/lib/security 目录下面。覆盖下面的两个原本的 jar。
4.
重启程序或者重启服务器。
问题已解决。
转载自:http://blog.csdn.net/troylemon/article/details/51025929