javax.net.ssl.SSLException: Received fatal alert: protocol_version
问题
使用JDK1.8环境开发,部署到JDK1.7服务器上,就出现以下问题:
javax.net.ssl.SSLException: Received fatal alert: protocol_version
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
at com.base.util.MySSLProtocolSocketFactory.main(MySSLProtocolSocketFactory.java:115)
原因
在Java 1.8上,默认TLS协议是v1.2。在Java 1.6和1.7上,默认是已废弃的TLS1.0
解决方法
升级JDK版本,最直接。可是由于某些项目的原因,不能升级JDK版本,只能去解决这个问题。
1.在发起请求前面设置TLSv1.2
协议
System.setProperty("https.protocols", "TLSv1.2");
或 System.setProperty("jdk.tls.client.protocols", "TLSv1.2");
或 java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");
.....
没有解决我的问题,使用System.setProperty("javax.net.debug", "all");
打印出log,协议版本还是TLSv1
2.将其指定为命令行参数
-Dhttps.protocols=TLSv1.2
也是没有解决我的问题,协议版本还是TLSv1
3.修改Tomcat/bin/catalina.bat
,加上命令参数
JAVA_OPTS =%JAVA_OPTS%-Dhttps.protocols = TLSv1.2 -Djdk.tls.client.protocols = TLSv1.2
也是没有解决我的问题,协议版本还是TLSv1
4.修改Spring配置文件
<bean
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="targetObject" value="#{@systemProperties}" />
<property name="targetMethod" value="putAll" />
<property name="arguments">
<props>
<prop key="https.protocols">TLSv1.2</prop>
</props>
</property>
</bean>
也是没有解决我的问题,协议版本还是TLSv1
参考: