一、问题描述
项目报错:Cannot support TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 with currently installed providers
java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 with currently installed providers
at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2419)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:386)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
二、原因
jdk7不支持TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 加密套件,需要用jdk的补丁来增加ciphersuite
其实后面发现jdk8也不支持TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,也需要打补丁。
三、解决办法
1、下载对应的补丁包
2、将补丁包解压
解压补丁包,得到两个 local_policy.jar 和 US_export_policy.jar 两个 jar 包。
3、替换jar包
将 local_policy.jar 和 US_export_policy.jar 替换到 %JAVA_HOME%/jre/lib/security 目录下面。覆盖下面的两个原本的 jar。
4、重启服务运行