Cannot get my AXIS2 Client connect to remote server using TLSv1.2 on Websphere 8.5
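Since I could not find a way to solve my previous problem, I decided to sidestep it and generate an AXIS2 project to work around it. (If anyone knows how to solve my previous problem, please tell me. If that problem can be solved, I will switch back to it.)
Let's get back to the topic.
My server uses Websphere 8.5 with Java 1.8 (1.7 and 1.6 are still present, but I don't think they cause a problem, because I set the default to 1.8), and I run it in cluster mode with 2 WAS nodes.
I deployed my AXIS2 client (with the 1.7.4 jars) from the admin console and set this application to parent-last class loading to prevent conflicts with WAS's own AXIS. It works fine, except for one problem: it cannot connect to the remote WebLogic server using TLSv1.2.
I have already added WebLogic's certificate to clusterDefaultTrustKeyStore, and my WAS is running Java 1.8. But even if I add System.setProperty("https.protocols", "TLSv1.2"); to the constructor, I still cannot connect to that server using https://. It is really bothering me now.
This is the exception I get: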
class org.apache.axis2.AxisFault:javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Stack trace:
[
{
"declaringClass": "org.apache.axis2.AxisFault",
"methodName": "makeFault",
"fileName": "AxisFault.java",
"lineNumber": 430
},
{
"declaringClass": "org.apache.axis2.transport.http.SOAPMessageFormatter",
"methodName": "writeTo",
"fileName": "SOAPMessageFormatter.java",
"lineNumber": 78
},
{
"declaringClass": "org.apache.axis2.transport.http.AxisRequestEntity",
"methodName": "writeRequest",
"fileName": "AxisRequestEntity.java",
"lineNumber": 85
},
{
"declaringClass": "org.apache.commons.httpclient.methods.EntityEnclosingMethod",
"methodName": "writeRequestBody",
"fileName": "EntityEnclosingMethod.java",
"lineNumber": 499
},
{
"declaringClass": "org.apache.commons.httpclient.HttpMethodBase",
"methodName": "writeRequest",
"fileName": "HttpMethodBase.java",
"lineNumber": 2114
},
{
"declaringClass": "org.apache.commons.httpclient.HttpMethodBase",
"methodName": "execute",
"fileName": "HttpMethodBase.java",
"lineNumber": 1096
},
{
"declaringClass": "org.apache.commons.httpclient.HttpMethodDirector",
"methodName": "executeWithRetry",
"fileName": "HttpMethodDirector.java",
"lineNumber": 398
},
{
"declaringClass": "org.apache.commons.httpclient.HttpMethodDirector",
"methodName": "executeMethod",
"fileName": "HttpMethodDirector.java",
"lineNumber": 171
},
{
"declaringClass": "org.apache.commons.httpclient.HttpClient",
"methodName": "executeMethod",
"fileName": "HttpClient.java",
"lineNumber": 397
},
{
"declaringClass": "org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl",
"methodName": "executeMethod",
"fileName": "HTTPSenderImpl.java",
"lineNumber": 872
},
{
"declaringClass": "org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl",
"methodName": "sendViaPost",
"fileName": "HTTPSenderImpl.java",
"lineNumber": 212
},
{
"declaringClass": "org.apache.axis2.transport.http.HTTPSender",
"methodName": "send",
"fileName": "HTTPSender.java",
"lineNumber": 121
},
{
"declaringClass": "org.apache.axis2.transport.http.CommonsHTTPTransportSender",
"methodName": "writeMessageWithCommons",
"fileName": "CommonsHTTPTransportSender.java",
"lineNumber": 403
},
{
"declaringClass": "org.apache.axis2.transport.http.CommonsHTTPTransportSender",
"methodName": "invoke",
"fileName": "CommonsHTTPTransportSender.java",
"lineNumber": 234
},
{
"declaringClass": "org.apache.axis2.engine.AxisEngine",
"methodName": "send",
"fileName": "AxisEngine.java",
"lineNumber": 431
},
{
"declaringClass": "org.apache.axis2.description.OutInAxisOperationClient",
"methodName": "send",
"fileName": "OutInAxisOperation.java",
"lineNumber": 399
},
{
"declaringClass": "org.apache.axis2.description.OutInAxisOperationClient",
"methodName": "executeImpl",
"fileName": "OutInAxisOperation.java",
"lineNumber": 225
},
{
"declaringClass": "org.apache.axis2.client.OperationClient",
"methodName": "execute",
"fileName": "OperationClient.java",
"lineNumber": 150
},
{
"declaringClass": "org.openuri.www.TestServiceStub",
"methodName": "getRSAPublicKey",
"fileName": "TestServiceStub.java",
"lineNumber": 841
}
...
]
WAS system log:
Caused by: javax.xml.stream.XMLStreamException: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.xml.xlxp2.api.stax.msg.StAXMessageProvider.throwXMLStreamException(StAXMessageProvider.java:67)
at com.ibm.xml.xlxp2.api.stax.XMLStreamWriterImpl.flush(XMLStreamWriterImpl.java:766)
at com.ibm.xml.xlxp2.api.stax.XMLOutputFactoryImpl$XMLStreamWriterProxy.flush(XMLOutputFactoryImpl.java:155)
at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:231)
at org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:223)
at org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeAndConsume(AxiomContainerSupport.aj:324)
at org.apache.axiom.om.impl.llom.OMElementImpl.serializeAndConsume(OMElementImpl.java:1)
at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74)
... 47 more
Caused by: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.as.k(as.java:174)
at com.ibm.jsse2.as.l(as.java:677)
at com.ibm.jsse2.h.write(h.java:33)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:93)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:151)
at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
at com.ibm.xml.xlxp2.api.stax.serializer.StAXWriter.flush(StAXWriter.java:65)
at com.ibm.xml.xlxp2.api.stax.XMLStreamWriterImpl.flush(XMLStreamWriterImpl.java:763)
... 54 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.j.a(j.java:31)
at com.ibm.jsse2.j.a(j.java:43)
at com.ibm.jsse2.as.b(as.java:816)
at com.ibm.jsse2.as.a(as.java:752)
at com.ibm.jsse2.as.i(as.java:130)
at com.ibm.jsse2.as.a(as.java:497)
at com.ibm.jsse2.h.write(h.java:23)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:93)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:151)
at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
at com.ibm.xml.xlxp2.api.stax.serializer.StAXWriter.flush(StAXWriter.java:65)
at com.ibm.xml.xlxp2.api.stax.XMLStreamWriterImpl.flush(XMLStreamWriterImpl.java:763)
at com.ibm.xml.xlxp2.api.stax.XMLOutputFactoryImpl$XMLStreamWriterProxy.flush(XMLOutputFactoryImpl.java:155)
at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:231)
at org.apache.axis2.databinding.ADBDataSource.serialize(ADBDataSource.java:50)
at org.apache.axiom.om.impl.common.serializer.push.stax.StAXSerializer.serializePushOMDataSource(StAXSerializer.java:53)
at org.apache.axiom.om.impl.common.serializer.push.Serializer.serialize(Serializer.java:293)
at org.apache.axiom.om.impl.common.AxiomSourcedElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomSourcedElementSupport$org_apache_axiom_om_impl_intf_AxiomSourcedElement$internalSerialize(AxiomSourcedElementSupport.aj:434)
... 69 more
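According to the system log, it is most likely the cause. But I don't know why or how to fix it, and I could not find any directly related topic on Stack Overflow. Can anyone help me?
You can try jsse.enableSNIExtension=false
Add it to Websphere's custom JVM properties.
If the target server's certificate is signed by a CA, you should also add those CA certificates to the KeyStore.
...Well, I feel cheated.
They claimed that they accept only TLSv1.2, and I bought it, but the SSL debug log tells a different truth.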
000000fa SystemOut O WebContainer : 1, READ: TLSv1 Alert, length = 2
00000014 SystemOut O Finalizer thread, called close()
00000014 SystemOut O Finalizer thread, called closeInternal(true)
00000014 SystemOut O Finalizer thread, called closeSocket(true)
000000fa SystemOut O WebContainer : 1, RECV TLSv1.2 ALERT: fatal, handshake_failure
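After looking deeper into the log, I was indeed using TLSv1.2, but it seems they do not support it (or they have not enabled it), which caused the handshake failure.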
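An added example, not part of the original posts: a small Python triage script that pairs, per thread id, the READ alert record with the RECV alert line in debug output of the shape quoted above, and flags when the two lines print different protocol versions. The line layout is assumed from the five lines quoted in the post, and the function and field names are made up for this example.

```python
import re

# Constructed sample: the five debug lines quoted in the post above.
SAMPLE_LOG = """\
000000fa SystemOut O WebContainer : 1, READ: TLSv1 Alert, length = 2
00000014 SystemOut O Finalizer thread, called close()
00000014 SystemOut O Finalizer thread, called closeInternal(true)
00000014 SystemOut O Finalizer thread, called closeSocket(true)
000000fa SystemOut O WebContainer : 1, RECV TLSv1.2 ALERT: fatal, handshake_failure
"""

# Assumed layout: 8-hex-digit thread id, "SystemOut O", then the message text.
LINE = re.compile(r"^(?P<tid>[0-9a-fA-F]{8})\s+SystemOut\s+O\s+(?P<msg>.*)$")
READ = re.compile(r"READ:\s+(?P<ver>\S+)\s+Alert, length = \d+")
RECV = re.compile(r"RECV\s+(?P<ver>\S+)\s+ALERT:\s+(?P<level>\w+),\s+(?P<desc>\w+)")


def summarize_alerts(log_text):
    """Pair each RECV alert with the preceding READ alert record of the same thread."""
    pending = {}    # thread id -> version printed on the last READ alert line
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # not a SystemOut line in the assumed layout
        tid, msg = m.group("tid"), m.group("msg")
        read = READ.search(msg)
        if read:
            pending[tid] = read.group("ver")
            continue
        recv = RECV.search(msg)
        if recv:
            record_ver = pending.pop(tid, None)   # None if no READ line was seen
            findings.append({
                "thread": tid,
                "record_version": record_ver,
                "reported_version": recv.group("ver"),
                "level": recv.group("level"),
                "alert": recv.group("desc"),
                "version_mismatch": record_ver is not None
                                    and record_ver != recv.group("ver"),
            })
    return findings


if __name__ == "__main__":
    for finding in summarize_alerts(SAMPLE_LOG):
        print(finding)
```

A mismatch between the two printed versions is a prompt to check which protocol versions the peer actually has enabled; lines from other threads (here the Finalizer thread) are ignored because they match neither pattern.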