java8+tomcate8仅支持TLSv1.2

 

1、编辑$tomcat_home/conf/server.xml

<Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true" truststoreType="JKS"
           keystoreFile="/root/zuoys.keystore" keystorePass="123456"
           clientAuth="false" 
           sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" />

如果向下兼容1.0、1.1,则:sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"

2、通过openssl测试

测试1.2:

D:\OpenSSL-Win64\bin>openssl s_client -connect 192.168.163.131:8443 -tls1_2
CONNECTED(000000D8)
depth=0 C = cn, ST = \E5\8C\97\E4\BA\AC, L = \E5\8C\97\E4\BA\AC, O = \E9\93\B6\E7
verify error:num=18:self signed certificate
verify return:1
depth=0 C = cn, ST = \E5\8C\97\E4\BA\AC, L = \E5\8C\97\E4\BA\AC, O = \E9\93\B6\E7
verify return:1
---
Certificate chain
 0 s:/C=cn/ST=\xE5\x8C\x97\xE4\xBA\xAC/L=\xE5\x8C\x97\xE4\xBA\xAC/O=\xE9\x93\xB6\
   i:/C=cn/ST=\xE5\x8C\x97\xE4\xBA\xAC/L=\xE5\x8C\x97\xE4\xBA\xAC/O=\xE9\x93\xB6\
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDeTCCAmGgAwIBAgIEXhol8zANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJj
bjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYDVQQHDAbljJfkuqwxHjAcBgNVBAoMFemT
tuebiOmAmuaUr+S7mOWFrOWPuDEMMAoGA1UECxMDZWJjMQ4wDAYDVQQDEwV6dW95
czAeFw0xOTA4MDcxMDE5NTBaFw0xOTExMDUxMDE5NTBaMG0xCzAJBgNVBAYTAmNu
MQ8wDQYDVQQIDAbljJfkuqwxDzANBgNVBAcMBuWMl+S6rDEeMBwGA1UECgwV6ZO2
55uI6YCa5pSv5LuY5YWs5Y+4MQwwCgYDVQQLEwNlYmMxDjAMBgNVBAMTBXp1b3lz
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1JSmQP/pbYZa8VH44Y+
mOl7Jhpnnhc1tySF8NXWMMkBkdmUOIPkKM5QpUMPS4MggQEc5OuV1gNZ0TVhIy1F
neABYto+PlcgUmKwTC65JEHbHWOElInhPxR/10Pec+Om39LnWnex/mw673p01Gnp
bGqTjEhm+ctWVvfEMhQEsBSqBednh63n6N41BS7AyMq3vm4LxOhjBaMf3dtpI6w8
i616o8mMTaIM4o1Frw5GILVm4vn6QZJB51kNthAyG8uoqrtzXZM02ha84m5U8AKI
8esIJIFDCK1nyQZ3/SI42hIm3714S4Ae3LApKfq6C9kP8at2ROKk+XkANZsjYHUr
1wIDAQABoyEwHzAdBgNVHQ4EFgQUGLXHe6DvI54spW7EmNCozFFRHnUwDQYJKoZI
hvcNAQELBQADggEBABa0pKmVcCao8J65lWai0zCdDLFM9yzcy+90Z+bbJLv21LSU
0vFYFJX/UyiwkwWNdavkDYCY/qXrJXwpbNCb9ZqgCEFO9t+0fjMltJfnHNNuQvsb
539Xi55fiuGYG1l2BKA+NHuKG99d8ZBKKGete6kJFknlfdk7dDfM1wJir6NDdu+X
TSA5fGXfZk0dF9WIbcZK7wVYJMOjaW+88fONgpQxShT9IUiGlrGT71gfjKDTL0R6
OvWbI9V8Qs0UxQIU8ayAi8dRsxAN4hNUyQ6523ZtJmFMm8pmiqFnQgcdK9p9+9Fc
a+fO/541JBRCKuaZ2a4ReBhSn7q7lOHCZE2zxQk=
-----END CERTIFICATE-----
subject=/C=cn/ST=\xE5\x8C\x97\xE4\xBA\xAC/L=\xE5\x8C\x97\xE4\xBA\xAC/O=\xE9\x93\x
issuer=/C=cn/ST=\xE5\x8C\x97\xE4\xBA\xAC/L=\xE5\x8C\x97\xE4\xBA\xAC/O=\xE9\x93\xB
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1377 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 5D4CCEDF2C45AF319A383F2C9077F995BC9BCBBD5F7375383319DE7BDE73EAF0
    Session-ID-ctx:
    Master-Key: CA26D76E01AAE4E3157546BE07610468B4E18D120A8B95DA5F9D91FE20AA6F5A1
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1565314785
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---

 

测试1.1:

D:\OpenSSL-Win64\bin>openssl s_client -connect 192.168.163.131:8443 -tls1_1
CONNECTED(000000D8)
7540:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:.\ssl\s3_pkt.c:362:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1565314902
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

D:\OpenSSL-Win64\bin>

 

测试1.0:

D:\OpenSSL-Win64\bin>openssl s_client -connect 192.168.163.131:8443 -tls1
CONNECTED(000000D8)
5424:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:.\ssl\s3_pkt.c:362:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1565314976
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

D:\OpenSSL-Win64\bin>

说明,tomcat仅支持TLSv1.2协议了。

 

转载于:https://www.cnblogs.com/yaoyuan2/p/11325240.html

手写Tomcat是指通过编写Java代码来实现一个简单的Web服务器,它可以处理HTTP请求并返回响应。手写Tomcat的过程可以帮助我们更好地理解Tomcat的工作原理和实现方式。一般来说,手写Tomcat需要完成以下几个步骤: 1. 基础Socket通信环境搭建:通过Java的Socket API来实现基本的网络通信功能,包括监听端口、接收请求、发送响应等。 2. 解析HTTP请求:从Socket中读取HTTP请求报文,并解析出请求方法、请求路径、请求参数等信息。 3. 处理HTTP请求:根据请求路径和请求方法,调用相应的Servlet或静态资源处理器来处理请求,并生成响应结果。 4. 构造HTTP响应:将处理结果封装成HTTP响应报文,并通过Socket发送给客户端。 在手写Tomcat的过程中,还需要使用到一些Java技术,比如Servlet、JSP、注解等。其中,Servlet是Java Web开发中最重要的组件之一,它可以接收HTTP请求并生成响应结果。JSP是一种动态网页技术,它可以将Java代码嵌入到HTML页面中,实现动态生成网页的功能。注解是一种元数据,它可以用来描述Java类、方法、变量等元素的特性,比如访问权限、作用域、路由等。 手写Tomcat是一个非常有挑战性的任务,需要具备一定的Java编程经验和Web开发知识。如果你想深入了解Tomcat的工作原理,或者想提高自己的Java编程能力,手写Tomcat是一个不错的选择。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值