How do I force/configure Axis2 to use TLS 1.1 or later

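I have an application that uses Axis2-generated sources (WSDL2Java client code, XMLBeans, using axis2-1.6.4) to connect to a service. It works well.

The service I'm connecting to will soon stop accepting incoming TLSv1 connections, so I need to figure out how to connect using TLSv1.1 or TLSv1.2. My client code is running on Java 1.7, and I've confirmed the necessary support by creating a simple test client, run like this: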

java -Dhttps.protocols=TLSv1.1,TLSv1.2 TestConnect

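After finally figuring out which side is the client in this case, it still doesn't seem to affect the handshake at all. Meaning, the socket gets reset on the attempt to connect (unlike my TestConnect app, which connects just fine). Also, when I additionally set "-Djavax.net.debug=ssl:handshake:verbose", I see that v1.0 is still being used in the handshake: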

%% No cached client session
*** ClientHello, TLSv1
http-bio-8080-exec-9, WRITE: TLSv1 Handshake, length = 149
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)
http-bio-8080-exec-9, handling exception: java.net.SocketException: Connection reset
http-bio-8080-exec-9
, SEND TLSv1 ALERT:  
fatal, 
description = unexpected_message
http-bio-8080-exec-9, WRITE: TLSv1 Alert, length = 2
http-bio-8080-exec-9, Exception sending alert: java.net.SocketException: Broken pipe

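I finally noticed, based on the documentation here, that setting https.protocol only affects connections established through use of the HttpsURLConnection class or through URL.openStream() operations. This leads me to suspect that axis2 is doing something else, or expects a different way to enable the same support.

Can someone point me in the right direction? Or confirm or refute my thinking?

Here is the full stack trace: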

2016-02-06 13:25:06,942 [http-bio-8080-exec-9] INFO  httpclient.HttpMethodDirector  - I/O exception (org.apache.axis2.AxisFault) caught when processing request: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
2016-02-06 13:25:06,948 [http-bio-8080-exec-9] DEBUG httpclient.HttpMethodDirector  - Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
Message: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
    Line | Method
->>  430 | makeFault               in org.apache.axis2.AxisFault
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|     78 | writeTo                 in org.apache.axis2.transport.http.SOAPMessageFormatter
|     84 | writeRequest . . . . .  in org.apache.axis2.transport.http.AxisRequestEntity
|    499 | writeRequestBody        in org.apache.commons.httpclient.methods.EntityEnclosingMethod
|   2114 | writeRequest . . . . .  in org.apache.commons.httpclient.HttpMethodBase
|   1096 | execute                 in     ''
|    398 | executeWithRetry . . .  in org.apache.commons.httpclient.HttpMethodDirector
|    171 | executeMethod           in     ''
|    397 | executeMethod . . . . . in org.apache.commons.httpclient.HttpClient
|    621 | executeMethod           in org.apache.axis2.transport.http.AbstractHTTPSender
|    193 | sendViaPost . . . . . . in org.apache.axis2.transport.http.HTTPSender
|     75 | send                    in     ''
|    396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
|    223 | invoke                  in     ''
|    443 | send . . . . . . . . .  in org.apache.axis2.engine.AxisEngine
|    406 | send                    in org.apache.axis2.description.OutInAxisOperationClient
|    229 | executeImpl . . . . . . in     ''
|    165 | execute                 in org.apache.axis2.client.OperationClient
|   1960 | login . . . . . . . . . in com.zuora.api.ZuoraServiceStub
|     51 | ___init___              in com.zuora.zortal.util.ZApi$$EPbyIuau
|     48 | <init> . . . . . . . .  in com.zuora.zortal.repository.ZuoraRepository
|     40 | login                   in saaseiportal.unauthorized.LoginController
|    195 | doFilter . . . . . . .  in grails.plugin.cache.web.filter.PageFragmentCachingFilter
|     63 | doFilter                in grails.plugin.cache.web.filter.AbstractFilter
|   1145 | runWorker . . . . . . . in java.util.concurrent.ThreadPoolExecutor
|    615 | run                     in java.util.concurrent.ThreadPoolExecutor$Worker
^    745 | run . . . . . . . . . . in java.lang.Thread
Caused by WstxIOException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
->>  261 | flush                   in com.ctc.wstx.sw.BaseStreamWriter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|     50 | flush                   in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
|    224 | close . . . . . . . . . in org.apache.axiom.om.impl.MTOMXMLStreamWriter
|    320 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
|      1 | serializeAndConsume . . in org.apache.axiom.om.impl.llom.OMElementImpl
|     74 | writeTo                 in org.apache.axis2.transport.http.SOAPMessageFormatter
|     84 | writeRequest . . . . .  in org.apache.axis2.transport.http.AxisRequestEntity
|    499 | writeRequestBody        in org.apache.commons.httpclient.methods.EntityEnclosingMethod
|   2114 | writeRequest . . . . .  in org.apache.commons.httpclient.HttpMethodBase
|   1096 | execute                 in     ''
|    398 | executeWithRetry . . .  in org.apache.commons.httpclient.HttpMethodDirector
|    171 | executeMethod           in     ''
|    397 | executeMethod . . . . . in org.apache.commons.httpclient.HttpClient
|    621 | executeMethod           in org.apache.axis2.transport.http.AbstractHTTPSender
|    193 | sendViaPost . . . . . . in org.apache.axis2.transport.http.HTTPSender
|     75 | send                    in     ''
|    396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
|    223 | invoke                  in     ''
|    443 | send . . . . . . . . .  in org.apache.axis2.engine.AxisEngine
|    406 | send                    in org.apache.axis2.description.OutInAxisOperationClient
|    229 | executeImpl . . . . . . in     ''
|    165 | execute                 in org.apache.axis2.client.OperationClient
|   1960 | login . . . . . . . . . in com.zuora.api.ZuoraServiceStub
|     51 | ___init___              in com.zuora.zortal.util.ZApi$$EPbyIuau
|     48 | <init> . . . . . . . .  in com.zuora.zortal.repository.ZuoraRepository
|     40 | login                   in saaseiportal.unauthorized.LoginController
|    195 | doFilter . . . . . . .  in grails.plugin.cache.web.filter.PageFragmentCachingFilter
|     63 | doFilter                in grails.plugin.cache.web.filter.AbstractFilter
|   1145 | runWorker . . . . . . . in java.util.concurrent.ThreadPoolExecutor
|    615 | run                     in java.util.concurrent.ThreadPoolExecutor$Worker
^    745 | run . . . . . . . . . . in java.lang.Thread
Caused by SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
->>   82 | flushBuffer             in java.io.BufferedOutputStream
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    140 | flush                   in     ''
|    191 | flush . . . . . . . . . in org.apache.commons.httpclient.ChunkedOutputStream
|    103 | flush                   in com.ctc.wstx.io.UTF8Writer
|    225 | flush . . . . . . . . . in com.ctc.wstx.sw.BufferingXmlWriter
|    259 | flush                   in com.ctc.wstx.sw.BaseStreamWriter
|     50 | flush . . . . . . . . . in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
|    224 | close                   in org.apache.axiom.om.impl.MTOMXMLStreamWriter
|    320 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
|      1 | serializeAndConsume     in org.apache.axiom.om.impl.llom.OMElementImpl
|     74 | writeTo . . . . . . . . in org.apache.axis2.transport.http.SOAPMessageFormatter
|     84 | writeRequest            in org.apache.axis2.transport.http.AxisRequestEntity
|    499 | writeRequestBody . . .  in org.apache.commons.httpclient.methods.EntityEnclosingMethod
|   2114 | writeRequest            in org.apache.commons.httpclient.HttpMethodBase
|   1096 | execute . . . . . . . . in     ''
|    398 | executeWithRetry        in org.apache.commons.httpclient.HttpMethodDirector
|    171 | executeMethod . . . . . in     ''
|    397 | executeMethod           in org.apache.commons.httpclient.HttpClient
|    621 | executeMethod . . . . . in org.apache.axis2.transport.http.AbstractHTTPSender
|    193 | sendViaPost             in org.apache.axis2.transport.http.HTTPSender
|     75 | send . . . . . . . . .  in     ''
|    396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
|    223 | invoke . . . . . . . .  in     ''
|    443 | send                    in org.apache.axis2.engine.AxisEngine
|    406 | send . . . . . . . . .  in org.apache.axis2.description.OutInAxisOperationClient
|    229 | executeImpl             in     ''
|    165 | execute . . . . . . . . in org.apache.axis2.client.OperationClient
|   1960 | login                   in com.zuora.api.ZuoraServiceStub
|     51 | ___init___ . . . . . .  in com.zuora.zortal.util.ZApi$$EPbyIuau
|     48 | <init>                  in com.zuora.zortal.repository.ZuoraRepository
|     40 | login . . . . . . . . . in saaseiportal.unauthorized.LoginController
|    195 | doFilter                in grails.plugin.cache.web.filter.PageFragmentCachingFilter
|     63 | doFilter . . . . . . .  in grails.plugin.cache.web.filter.AbstractFilter
|   1145 | runWorker               in java.util.concurrent.ThreadPoolExecutor
|    615 | run . . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^    745 | run                     in java.lang.Thread
Caused by SSLException: java.net.SocketException: Connection reset
->>   82 | flushBuffer             in java.io.BufferedOutputStream
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    140 | flush                   in     ''
|    191 | flush . . . . . . . . . in org.apache.commons.httpclient.ChunkedOutputStream
|    103 | flush                   in com.ctc.wstx.io.UTF8Writer
|    225 | flush . . . . . . . . . in com.ctc.wstx.sw.BufferingXmlWriter
|    259 | flush                   in com.ctc.wstx.sw.BaseStreamWriter
|     50 | flush . . . . . . . . . in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
|    232 | flush                   in org.apache.axiom.om.impl.MTOMXMLStreamWriter
|    318 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
|      1 | serializeAndConsume     in org.apache.axiom.om.impl.llom.OMElementImpl
|     74 | writeTo . . . . . . . . in org.apache.axis2.transport.http.SOAPMessageFormatter
|     84 | writeRequest            in org.apache.axis2.transport.http.AxisRequestEntity
|    499 | writeRequestBody . . .  in org.apache.commons.httpclient.methods.EntityEnclosingMethod
|   2114 | writeRequest            in org.apache.commons.httpclient.HttpMethodBase
|   1096 | execute . . . . . . . . in     ''
|    398 | executeWithRetry        in org.apache.commons.httpclient.HttpMethodDirector
|    171 | executeMethod . . . . . in     ''
|    397 | executeMethod           in org.apache.commons.httpclient.HttpClient
|    621 | executeMethod . . . . . in org.apache.axis2.transport.http.AbstractHTTPSender
|    193 | sendViaPost             in org.apache.axis2.transport.http.HTTPSender
|     75 | send . . . . . . . . .  in     ''
|    396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
|    223 | invoke . . . . . . . .  in     ''
|    443 | send                    in org.apache.axis2.engine.AxisEngine
|    406 | send . . . . . . . . .  in org.apache.axis2.description.OutInAxisOperationClient
|    229 | executeImpl             in     ''
|    165 | execute . . . . . . . . in org.apache.axis2.client.OperationClient
|   1960 | login                   in com.zuora.api.ZuoraServiceStub
|     51 | ___init___ . . . . . .  in com.zuora.zortal.util.ZApi$$EPbyIuau
|     48 | <init>                  in com.zuora.zortal.repository.ZuoraRepository
|     40 | login . . . . . . . . . in saaseiportal.unauthorized.LoginController
|    195 | doFilter                in grails.plugin.cache.web.filter.PageFragmentCachingFilter
|     63 | doFilter . . . . . . .  in grails.plugin.cache.web.filter.AbstractFilter
|   1145 | runWorker               in java.util.concurrent.ThreadPoolExecutor
|    615 | run . . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^    745 | run                     in java.lang.Thread
Caused by SocketException: Connection reset
->>  196 | read                    in java.net.SocketInputStream
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    122 | read                    in     ''
|     82 | flushBuffer . . . . . . in java.io.BufferedOutputStream
|    140 | flush                   in     ''
|    191 | flush . . . . . . . . . in org.apache.commons.httpclient.ChunkedOutputStream
|    103 | flush                   in com.ctc.wstx.io.UTF8Writer
|    225 | flush . . . . . . . . . in com.ctc.wstx.sw.BufferingXmlWriter
|    259 | flush                   in com.ctc.wstx.sw.BaseStreamWriter
|     50 | flush . . . . . . . . . in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
|    232 | flush                   in org.apache.axiom.om.impl.MTOMXMLStreamWriter
|    318 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
|      1 | serializeAndConsume     in org.apache.axiom.om.impl.llom.OMElementImpl
|     74 | writeTo . . . . . . . . in org.apache.axis2.transport.http.SOAPMessageFormatter
|     84 | writeRequest            in org.apache.axis2.transport.http.AxisRequestEntity
|    499 | writeRequestBody . . .  in org.apache.commons.httpclient.methods.EntityEnclosingMethod
|   2114 | writeRequest            in org.apache.commons.httpclient.HttpMethodBase
|   1096 | execute . . . . . . . . in     ''
|    398 | executeWithRetry        in org.apache.commons.httpclient.HttpMethodDirector
|    171 | executeMethod . . . . . in     ''
|    397 | executeMethod           in org.apache.commons.httpclient.HttpClient
|    621 | executeMethod . . . . . in org.apache.axis2.transport.http.AbstractHTTPSender
|    193 | sendViaPost             in org.apache.axis2.transport.http.HTTPSender
|     75 | send . . . . . . . . .  in     ''
|    396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
|    223 | invoke . . . . . . . .  in     ''
|    443 | send                    in org.apache.axis2.engine.AxisEngine
|    406 | send . . . . . . . . .  in org.apache.axis2.description.OutInAxisOperationClient
|    229 | executeImpl             in     ''
|    165 | execute . . . . . . . . in org.apache.axis2.client.OperationClient
|   1960 | login                   in com.zuora.api.ZuoraServiceStub
|     51 | ___init___ . . . . . .  in com.zuora.zortal.util.ZApi$$EPbyIuau
|     48 | <init>                  in com.zuora.zortal.repository.ZuoraRepository
|     40 | login . . . . . . . . . in saaseiportal.unauthorized.LoginController
|    195 | doFilter                in grails.plugin.cache.web.filter.PageFragmentCachingFilter
|     63 | doFilter . . . . . . .  in grails.plugin.cache.web.filter.AbstractFilter
|   1145 | runWorker               in java.util.concurrent.ThreadPoolExecutor
|    615 | run . . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^    745 | run                     in java.lang.Thread

This problem only occurs on Java 7, because Java 8 uses TLSv1.2 by default (source).

You need to create an SSLSocketFactory; I have pushed a pull request to the Zuora SDK here.

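import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;

// Apache HttpClient 4.x API; the first constructor argument is the SSLContext protocol name.
String TLS_VERSION = "TLSv1.2";
SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory socketFactory;
try {
    if (Boolean.valueOf(((String) ZConfig.getInstance().getVal("ssl.verify.peer")).toLowerCase())) {
        // Peer verification on: default trust store, and the hostname is checked against the certificate.
        socketFactory = new SSLSocketFactory(TLS_VERSION, null, null, null, null, null,
                SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
    } else {
        // Peer verification off: every certificate chain and every hostname is accepted.
        socketFactory = new SSLSocketFactory(TLS_VERSION, null, null, null, null, new TrustStrategy() {
            @Override
            public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                return true;
            }
        }, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }
    // need both http and https
    registry.register(new Scheme("https", 443, socketFactory));
} catch (GeneralSecurityException e) {
    // Thrown when the JRE cannot build an SSLContext for TLS_VERSION.
    throw new IllegalStateException("Cannot create " + TLS_VERSION + " socket factory", e);
}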