rc4 java 1.8, SSL handshake failure - Java 1.8

Just letting folks know about an issue I had that many seemed to have had after upgrading to Java 1.8. Not all of the solutions are the same hence posting how I resolved this.

But first... This is not a solution worthy of production systems since security is being effectively downgraded. However, if you are blocked testing etc. it is probably quite suitable.

My issue was that no matter what I did... enabled SSLv3 etc. I always received

"javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure".

Here are the steps I took to 'solve' this.

First, I discovered which cipher the server was using. I did this via openssl.

openssl s_client -host yourproblemhost.com -port 443

This yields (at the end...)

    SSL-Session:
    Protocol : TLSv1.2
    Cipher : RC4-MD5

Now.. what do we use 'Java-wise' to enable that cipher?

In that link, it has the names and their Java counterpart. So for RC4-MD5, we have SSL_RSA_WITH_RC4_128_MD5.

ok good. Now I added a System property.

-Dhttps.cipherSuites=SSL_RSA_WITH_RC4_128_MD5

And in my code...

Security.setProperty("jdk.tls.disabledAlgorithms", "" /*disabledAlgorithms */ );

Again.. this is an absolute last resort 'fix'... But if you're hitting your head against a wall to get it running (for testing), I hope it comes in useful.

Solution

With the JDK 1.8.0_51 release, RC4 is no longer supported by Java as a client (or as a server) to negotiate the SSL handshake. RC4 is considered a weak (and compromised) cipher, and that is the reason for its removal.

You can still, however, enable it by removing RC4 from jdk.tls.disabledAlgorithms in your Java security config, or by programmatically enabling the suites using the setEnabledCipherSuites() method.

However, a better solution would be to update the server configuration (if it is under your control) to upgrade to stronger ciphers.

RC4 is now considered as a compromised cipher. RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods.

As to your approach of setting it by using Security.setProperty(), it is not a reliable way, because the fields which hold the disabled algorithms are static and final. So if that class gets loaded first, you don't have control over it. You could alternatively try creating a properties file like this

## override it to remove RC4, in disabledcipher.properties

jdk.tls.disabledAlgorithms=DHE

and in your JVM, you could refer to it as a system property like this

java -Djava.security.properties=disabledcipher.properties blah...
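
A startup check for the settings discussed in the question and answer above, so that a test-only RC4 workaround is caught before it reaches a production JVM. This is an added example, not code from the original post or answer; the class name Rc4Audit and the exit-code convention are assumptions.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added example; the class name and exit-code convention are assumptions.
public class Rc4Audit {

    // Cipher suite names that contain RC4, e.g. SSL_RSA_WITH_RC4_128_MD5.
    static List<String> rc4Suites(String[] suites) {
        List<String> hits = new ArrayList<>();
        for (String s : suites) {
            if (s.contains("_RC4_")) hits.add(s);
        }
        return hits;
    }

    // True if the comma-separated jdk.tls.disabledAlgorithms value has an RC4 entry.
    static boolean disablesRc4(String prop) {
        if (prop == null) return false;
        for (String entry : prop.split(",")) {
            if (entry.trim().equalsIgnoreCase("RC4")) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Current property value: reflects Security.setProperty() calls and any
        // override file loaded through -Djava.security.properties.
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");
        String forced = System.getProperty("https.cipherSuites", "");
        // What the default context reports as enabled right now.
        SSLContext ctx = SSLContext.getDefault();
        List<String> enabled = rc4Suites(ctx.getDefaultSSLParameters().getCipherSuites());

        System.out.println("jdk.tls.disabledAlgorithms = " + disabled);
        System.out.println("https.cipherSuites         = " + forced);
        System.out.println("java.security.properties   = " + System.getProperty("java.security.properties"));
        System.out.println("RC4 suites enabled by default: " + enabled);

        boolean weakened = !disablesRc4(disabled) || forced.contains("_RC4_") || !enabled.isEmpty();
        if (weakened) {
            System.err.println("FAIL: RC4 is not fully disabled in this JVM");
            System.exit(1);
        }
        System.out.println("OK: RC4 is disabled");
    }
}
```

Run it with the same JVM options as the application under test; a non-zero exit means one of the three settings from this page (the emptied or overridden jdk.tls.disabledAlgorithms, or https.cipherSuites naming an RC4 suite) is in effect.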
