Apache VFS - 对 TLSv1 的 FTPS 支持

Apache VFS - FTPS support for TLSv1

有人可以告诉我 Apache VFS 2.6.0 是否支持 TLSv1FTPS 吗?

我问的原因是因为我们使用VFS编写了一个应用程序并针对VsFTPD 3.0.2开发了它

现在我们已经开始测试,我们看到很多旧机器使用仅支持 TLSv1 的 VsFTPD 2.2.2。

例外(不要泄露太多)

org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "100.200.150.25".
    at org.apache.commons.vfs2.provider.ftp.FtpClientFactory$ConnectionFactory.createConnection(FtpClientFactory.java:220)
    at org.apache.commons.vfs2.provider.ftps.FtpsClientFactory.createConnection(FtpsClientFactory.java:57)
    at org.apache.commons.vfs2.provider.ftps.FtpsClientWrapper.createClient(FtpsClientWrapper.java:47)
    at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.createClient(FTPClientWrapper.java:97)
    at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.getFtpClient(FTPClientWrapper.java:146)
    at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.<init>(FTPClientWrapper.java:52)
    at org.apache.commons.vfs2.provider.ftps.FtpsClientWrapper.<init>(FtpsClientWrapper.java:41)
    at org.apache.commons.vfs2.provider.ftps.FtpsFileProvider.doCreateFileSystem(FtpsFileProvider.java:49)
    at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.getFileSystem(AbstractOriginatingFileProvider.java:93)
    at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:72)
    at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:56)
    at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:717)
    at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:654)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:750)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88)
    at org.springframework.cloud.sleuth.instrument.async.TraceAsyncAspect.traceBackgroundThread(TraceAsyncAspect.java:67)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:644)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:633)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:93)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke[=10=](AsyncExecutionInterceptor.java:115)
    at org.springframework.cloud.sleuth.instrument.async.TraceCallable.call(TraceCallable.java:70)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
    at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:180)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
    at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:289)
    at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:226)
    at org.apache.commons.net.SocketClient._connect(SocketClient.java:244)
    at org.apache.commons.net.SocketClient.connect(SocketClient.java:202)
    at org.apache.commons.vfs2.provider.ftp.FtpClientFactory$ConnectionFactory.createConnection(FtpClientFactory.java:163)

Apache VFS 支持 TLSv1

这里的问题出现在常见且同样模糊的异常中

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Java 11 有一组禁用的密码,用于为 TLS 加密

我发现 VSFTPD 2.2.2 使用的是 DES-CBC3-SHA

我在 conf/java.security 中发现被 Java 11 禁用的那个是 3DES_EDE_CBC

我将其从禁用列表中删除,现在连接正常。

请注意

我会建议服务升级他们的 VSFTPD 服务器。我不喜欢降低安全性,但金钱万能,我怀疑这项 smaller/cheaper 更改将会实施。