javax.net.ssl.SSLHandshakeException: 没有合适的协议
javax.net.ssl.SSLHandshakeException: No appropriate protocol
我已经安装 tomcat 8(ssl 支持)和 java 1.8。
当开始 tomcat catalina out 写
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
at sun.security.ssl.SSLEngineImpl.kickstartHandshake(SSLEngineImpl.java:729)
at sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:756)
at org.apache.tomcat.util.net.SecureNioChannel.reset(SecureNioChannel.java:94)
at org.apache.tomcat.util.net.SecureNioChannel.<init>(SecureNioChannel.java:76)
at org.apache.tomcat.util.net.NioEndpoint.setSocketOptions(NioEndpoint.java:544)
at org.apache.tomcat.util.net.NioEndpoint$Acceptor.run(NioEndpoint.java:697)
at java.lang.Thread.run(Thread.java:745)
还有这个
12-Dec-2016 14:12:37.297 WARNING [main] org.apache.tomcat.util.net.jsse.JSSESocketFactory.getEnableableProtocols None of the SSL protocols specified are supported by the SSL engine : [TLSv1+TLSv1.1+TLSv1.2]
旧版本 tomcat 和 java 不会出现错误。
我的server.xml配置
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="700" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1+TLSv1.1+TLSv1.2"
keystoreFile="/var/lib/tomcat8/keystore" keystorePass="********" keystoreType="JKS"
keyAlias="tomcat"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_DES_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"
/>
可能是什么问题?
谢谢
从Apache Tomcat 8 Configuration Reference开始,sslEnabledProtocols应该代表
The comma separated list of SSL protocols to support for HTTPS connections.
Apache Tomcat 8 - Security Considerations 文档有一个示例说明该参数的正确用法 --
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"。您错误地指定使用 + 而不是 , -- TLSv1+TLSv1.1+TLSv1.2.
我已经安装 tomcat 8(ssl 支持)和 java 1.8。 当开始 tomcat catalina out 写
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:503)
at sun.security.ssl.SSLEngineImpl.kickstartHandshake(SSLEngineImpl.java:729)
at sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:756)
at org.apache.tomcat.util.net.SecureNioChannel.reset(SecureNioChannel.java:94)
at org.apache.tomcat.util.net.SecureNioChannel.<init>(SecureNioChannel.java:76)
at org.apache.tomcat.util.net.NioEndpoint.setSocketOptions(NioEndpoint.java:544)
at org.apache.tomcat.util.net.NioEndpoint$Acceptor.run(NioEndpoint.java:697)
at java.lang.Thread.run(Thread.java:745)
还有这个
12-Dec-2016 14:12:37.297 WARNING [main] org.apache.tomcat.util.net.jsse.JSSESocketFactory.getEnableableProtocols None of the SSL protocols specified are supported by the SSL engine : [TLSv1+TLSv1.1+TLSv1.2]
旧版本 tomcat 和 java 不会出现错误。
我的server.xml配置
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="700" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1+TLSv1.1+TLSv1.2"
keystoreFile="/var/lib/tomcat8/keystore" keystorePass="********" keystoreType="JKS"
keyAlias="tomcat"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_DES_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"
/>
可能是什么问题? 谢谢
从Apache Tomcat 8 Configuration Reference开始,sslEnabledProtocols应该代表
The comma separated list of SSL protocols to support for HTTPS connections.
Apache Tomcat 8 - Security Considerations 文档有一个示例说明该参数的正确用法 --
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"。您错误地指定使用 + 而不是 , -- TLSv1+TLSv1.1+TLSv1.2.