问题:项目系统使用的存储系统SSL/TLS版本升级至1.2,导致本系统无法与存储系统建立SSL连接。
使用相同的keystore,客户端使用JDK8,可与对方系统TCP握手成功建立ssh connection。
但若客户端使用JDK6,则无法TCP握手成功。
分析root cause是说JDK6(低版本中)缺少一个加密算法以支持TLS1.2协议通讯。
相关知识查询:
Transport Layer Security (TLS)
Keystore
https://blog.csdn.net/wteruiycbqqvwt/article/details/90764611
JDK6 低版本不支持TLSv1.2
直至Advanced 6u121版本才实现支持
但Advanced JDK版本是付费的......
https://www.oracle.com/technetwork/java/javase/overview-156328.html#R160_121
security-libs/javax.net.ssl
TLS v1.2 support now available
TLS v1.2 is now a TLS protocol option with the release of JDK 6u121. By default, TLSv1.0 will remain the default enabled protocol on client sockets.
As an example, both the TLSv1.1 and TLSv1.2 protocols can be enabled for use on SSL/TLS connections via SSLSocket/SSLEngine/SSLServerSocket APIs:
e.g.
sslSocket.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2"});
or by setting up and using a TLSv1.2 based SSLContext :
e.g.
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
or by using the SSLParameters API:
e.g.
sslParameters.setProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
The new jdk.tls.client.protocols System Property may also be used to control the protocols in use for a TLS connection (JDK-8151183).
One may launch their application with this property. E.g. java -Djdk.tls.client.protocols="TLSv1.2" will enable only TLSv1.2 on client SSLSockets.
Note that protocol versions specified via the new jdk.tls.client.protocols property will suppress any value set via the jdk.tls.client.enableSSLv2Hello property. SSLv2Hello can be passed to the jdk.tls.client.protocols value if necessary.
See JDK-8133817
了解一下JDK收费问题
https://blog.csdn.net/Kaitiren/article/details/85066935
6089
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
