Local tomcat is not starting and not able to connect to Oracle RDS after updating RDS Server SSL to 1.2 from 1.0

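Local tomcat is not starting, and it fails when trying to create the bean that connects to the Oracle database. The error is java.sql.SQLRecoverableException: IO Error: Connection reset. The only change we have made is that we now use the ojdbc8.jar dependency in pom.xml; before, it had ojdbc6.jar. I am running tomcat on jdk 1.8: library/java/javavirtualmachines/jdk1.8.0_162.jdk/Contents/home/jre/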

We have imported rds-ca-2019-root.der into the cacerts file: library/java/javavirtualmachines/jdk1.8.0_162.jdk/Contents/home/jre/lib/security/cacerts

This happened after updating SSL_VERSION to 1.2 on the Oracle 12.2.0.1 RDS server.

Here is the stack trace.

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'abcDB' defined in class path resource [applicationContext.xml]: Invocation of init method failed; nested exception is javax.naming.NamingException: Unexpected exception resolving reference [Root exception is java.sql.SQLException: Cannot create PoolableConnectionFactory (IO Error: Connection reset)]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1455)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:294)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getTypeForFactoryBean(AbstractBeanFactory.java:1355)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getTypeForFactoryBean(AbstractAutowireCapableBeanFactory.java:710)
    at org.springframework.beans.factory.support.AbstractBeanFactory.isTypeMatch(AbstractBeanFactory.java:519)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanNamesForType(DefaultListableBeanFactory.java:319)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanNamesForType(DefaultListableBeanFactory.java:298)
    at org.springframework.beans.factory.BeanFactoryUtils.beanNamesForTypeIncludingAncestors(BeanFactoryUtils.java:142)
    at org.springframework.orm.jpa.EntityManagerFactoryUtils.findEntityManagerFactory(EntityManagerFactoryUtils.java:97)
    at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor.findNamedEntityManagerFactory(PersistenceAnnotationBeanPostProcessor.java:511)
    at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor.findEntityManagerFactory(PersistenceAnnotationBeanPostProcessor.java:493)
    at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor$PersistenceElement.resolveEntityManager(PersistenceAnnotationBeanPostProcessor.java:657)
    at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor$PersistenceElement.getResourceToInject(PersistenceAnnotationBeanPostProcessor.java:630)
    at org.springframework.beans.factory.annotation.InjectionMetadata$InjectedElement.inject(InjectionMetadata.java:150)
    at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
    at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor.postProcessPropertyValues(PersistenceAnnotationBeanPostProcessor.java:339)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1106)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:294)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:848)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:790)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:707)
    at org.glassfish.jersey.server.spring.AutowiredInjectResolver.getBeanFromSpringContext(AutowiredInjectResolver.java:104)
    at org.glassfish.jersey.server.spring.AutowiredInjectResolver.resolve(AutowiredInjectResolver.java:96)
    at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:211)
    at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:234)
    at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:357)
    at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:471)
    at org.jvnet.hk2.internal.SingletonContext.compute(SingletonContext.java:83)
    at org.jvnet.hk2.internal.SingletonContext.compute(SingletonContext.java:71)
    at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture.call(Cache.java:97)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture.run(Cache.java:154)
    at org.glassfish.hk2.utilities.cache.Cache.compute(Cache.java:199)
    at org.jvnet.hk2.internal.SingletonContext.findOrCreate(SingletonContext.java:122)
    at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2022)
    at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:114)
    at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:88)
    at org.glassfish.jersey.internal.inject.Providers.getAllRankedProviders(Providers.java:247)
    at org.glassfish.jersey.server.ApplicationHandler.getProcessingProviders(ApplicationHandler.java:772)
    at org.glassfish.jersey.server.ApplicationHandler.initialize(ApplicationHandler.java:537)
    at org.glassfish.jersey.server.ApplicationHandler.access0(ApplicationHandler.java:184)
    at org.glassfish.jersey.server.ApplicationHandler.call(ApplicationHandler.java:350)
    at org.glassfish.jersey.server.ApplicationHandler.call(ApplicationHandler.java:347)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
    at org.glassfish.jersey.internal.Errors.processWithException(Errors.java:255)
    at org.glassfish.jersey.server.ApplicationHandler.<init>(ApplicationHandler.java:347)
    at org.glassfish.jersey.servlet.WebComponent.<init>(WebComponent.java:392)
    at org.glassfish.jersey.servlet.ServletContainer.init(ServletContainer.java:177)
    at org.glassfish.jersey.servlet.ServletContainer.init(ServletContainer.java:369)
    at javax.servlet.GenericServlet.init(GenericServlet.java:158)
    at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1144)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1091)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:985)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4875)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5189)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1412)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1402)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.naming.NamingException: Unexpected exception resolving reference [Root exception is java.sql.SQLException: Cannot create PoolableConnectionFactory (IO Error: Connection reset)]
    at org.apache.naming.NamingContext.lookup(NamingContext.java:856)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:159)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:827)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:173)
    at org.apache.naming.factory.ResourceLinkFactory.getObjectInstance(ResourceLinkFactory.java:152)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:839)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:159)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:827)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:159)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:827)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:159)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:827)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:173)
    at org.apache.naming.SelectorContext.lookup(SelectorContext.java:163)
    at javax.naming.InitialContext.lookup(InitialContext.java:417)
    at org.springframework.jndi.JndiTemplate.doInContext(JndiTemplate.java:154)
    at org.springframework.jndi.JndiTemplate.execute(JndiTemplate.java:87)
    at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:152)
    at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:178)
    at org.springframework.jndi.JndiLocatorSupport.lookup(JndiLocatorSupport.java:95)
    at org.springframework.jndi.JndiObjectLocator.lookup(JndiObjectLocator.java:105)
    at org.springframework.jndi.JndiObjectFactoryBean.lookupWithFallback(JndiObjectFactoryBean.java:201)
    at org.springframework.jndi.JndiObjectFactoryBean.afterPropertiesSet(JndiObjectFactoryBean.java:187)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
    ... 71 more
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (IO Error: Connection reset)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:666)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createDataSource(BasicDataSource.java:544)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.getLogWriter(BasicDataSource.java:1064)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.createDataSource(BasicDataSourceFactory.java:568)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.getObjectInstance(BasicDataSourceFactory.java:240)
    at org.apache.naming.factory.FactoryBase.getObjectInstance(FactoryBase.java:96)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:839)
    ... 96 more
Caused by: java.sql.SQLRecoverableException: IO Error: Connection reset
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:467)
    at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:546)
    at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:236)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
    at org.apache.tomcat.dbcp.dbcp2.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:55)
    at org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:357)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.validateConnectionFactory(BasicDataSource.java:113)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:662)
    ... 103 more
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:210)
    at java.net.SocketInputStream.read(SocketInputStream.java:141)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
    at sun.security.ssl.InputRecord.read(InputRecord.java:503)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
    at oracle.net.ns.Packet.send(Packet.java:403)
    at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:198)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:293)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1102)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:320)
    ... 111 more

Here is an excerpt from server.xml

<Resource auth="Container"
            driverClassName="oracle.jdbc.driver.OracleDriver" initialSize="10"
            jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReportJmx(threshold=10000)"
            jmxEnabled="true" logAbandoned="true" maxActive="100" maxIdle="100"
            maxWaitMillis="10000" minEvictableIdleTimeMillis="30000" minIdle="10"
            name="jdbc/abcDB" password="abc"
            removeAbandonedOnMaintenance="true" removeAbandonedTimeout="7200"
            testOnBorrow="true" testOnReturn="false" testWhileIdle="true"
            timeBetweenEvictionRunsMillis="5000" type="javax.sql.DataSource"
            url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=abc-dev.abc.us-east-1.rds.amazonaws.com)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=abc)))"
            username="abc" validationInterval="30000"
            validationQuery="SELECT 1 FROM DUAL" />

When I add debugging with -Djavax.net.debug=all

I see this in the logs

RandomCookie:  GMT: 1614618626 bytes = { 97, 87, 237, 119, 129, 190, 112, 175, 246, 122, 149, 31, 204, 213, 84, 167, 116, 247, 182, 155, 162, 201, 216, 93, 78, 217, 52, 146 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=abc-dev.abc.us-east-1.rds.amazonaws.com]
***
[write] MD5 and SHA1 hashes:  len = 185
0000: 01 00 00 B5 03 01 60 3D   20 02 61 57 ED 77 81 BE  ......`= .aW.w..
0010: 70 AF F6 7A 95 1F CC D5   54 A7 74 F7 B6 9B A2 C9  p..z....T.t.....
0020: D8 5D 4E D9 34 92 00 00   2C C0 0A C0 14 00 35 C0  .]N.4...,.....5.
0030: 05 C0 0F 00 39 00 38 C0   09 C0 13 00 2F C0 04 C0  ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........
0050: 16 00 13 00 FF 01 00 00   60 00 0A 00 16 00 14 00  ........`.......
0060: 17 00 18 00 19 00 09 00   0A 00 0B 00 0C 00 0D 00  ................
0070: 0E 00 16 00 0B 00 02 01   00 00 17 00 00 00 00 00  ................
0080: 38 00 36 00 00 33 73 68   6F 72 74 73 2D 64 65 76  8.6..abc-dev
0090: 2E 63 39 64 66 79 71 6A   6F 62 74 71 66 2E 75 73  .abc.us
00A0: 2D 65 61 73 74 2D 31 2E   72 64 73 2E 61 6D 61 7A  -east-1.rds.amaz
00B0: 6F 6E 61 77 73 2E 63 6F   6D                       onaws.com
localhost-startStop-1, WRITE: TLSv1 Handshake, length = 185
[write] MD5 and SHA1 hashes:  len = 122
0000: 01 03 01 00 51 00 00 00   20 00 C0 0A 07 00 C0 00  ....Q... .......
0010: C0 14 00 00 35 00 C0 05   00 C0 0F 00 00 39 00 00  ....5........9..
0020: 38 00 C0 09 06 00 40 00   C0 13 00 00 2F 00 C0 04  8.....@...../...
0030: 01 00 80 00 C0 0E 00 00   33 00 00 32 00 C0 08 00  ........3..2....
0040: C0 12 00 00 0A 07 00 C0   00 C0 03 02 00 80 00 C0  ................
0050: 0D 00 00 16 00 00 13 00   00 FF 60 3D 20 02 61 57  ..........`= .aW
0060: ED 77 81 BE 70 AF F6 7A   95 1F CC D5 54 A7 74 F7  .w..p..z....T.t.
0070: B6 9B A2 C9 D8 5D 4E D9   34 92                    .....]N.4.
localhost-startStop-1, WRITE: SSLv2 client hello message, length = 122
[Raw write]: length = 124
0000: 80 7A 01 03 01 00 51 00   00 00 20 00 C0 0A 07 00  .z....Q... .....
0010: C0 00 C0 14 00 00 35 00   C0 05 00 C0 0F 00 00 39  ......5........9
0020: 00 00 38 00 C0 09 06 00   40 00 C0 13 00 00 2F 00  ..8.....@...../.
0030: C0 04 01 00 80 00 C0 0E   00 00 33 00 00 32 00 C0  ..........3..2..
0040: 08 00 C0 12 00 00 0A 07   00 C0 00 C0 03 02 00 80  ................
0050: 00 C0 0D 00 00 16 00 00   13 00 00 FF 60 3D 20 02  ............`= .
0060: 61 57 ED 77 81 BE 70 AF   F6 7A 95 1F CC D5 54 A7  aW.w..p..z....T.
0070: 74 F7 B6 9B A2 C9 D8 5D   4E D9 34 92              t......]N.4.
localhost-startStop-1, handling exception: java.net.SocketException: Connection reset
localhost-startStop-1, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message
localhost-startStop-1, WRITE: TLSv1.2 Alert, length = 2
localhost-startStop-1, Exception sending alert: java.net.SocketException: Broken pipe (Write failed)
localhost-startStop-1, called closeSocket()
localhost-startStop-1, called close()
localhost-startStop-1, called closeInternal(true)
Mar 01, 2021 12:10:26 PM org.apache.naming.NamingContext lookup
Mar 01, 2021 12:10:26 PM org.apache.naming.NamingContext lookup
WARNING: Unexpected exception resolving reference
java.sql.SQLException: Cannot create PoolableConnectionFactory (IO Error: Connection reset)

Any help is greatly appreciated.

Thanks

I was able to resolve this by updating ojdbc6.jar to ojdbc8.jar in the local tomcat lib folder /Users/dev/apache-tomcat-8.5.60/lib

Thanks, everyone
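
Added example, not part of the original post: a Python triage of the javax.net.debug output quoted in the question. It reads the client_version field of each dumped ClientHello and compares it with the server's minimum; the function names and the `server_min` default (taken from the SSL_VERSION 1.2 setting the question mentions) are assumptions of this example.

```python
import re

# Abridged from the javax.net.debug output quoted in the question: only the first
# row of each hex dump is kept, which is all the parser below needs.
SAMPLE_DEBUG = """\
[write] MD5 and SHA1 hashes:  len = 185
0000: 01 00 00 B5 03 01 60 3D   20 02 61 57 ED 77 81 BE  ......`= .aW.w..
localhost-startStop-1, WRITE: TLSv1 Handshake, length = 185
[write] MD5 and SHA1 hashes:  len = 122
0000: 01 03 01 00 51 00 00 00   20 00 C0 0A 07 00 C0 00  ....Q... .......
localhost-startStop-1, WRITE: SSLv2 client hello message, length = 122
[Raw write]: length = 124
0000: 80 7A 01 03 01 00 51 00   00 00 20 00 C0 0A 07 00  .z....Q... .....
localhost-startStop-1, handling exception: java.net.SocketException: Connection reset
"""

ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # wire versions 3.0 .. 3.3
LEN = re.compile(r"\[write\] MD5 and SHA1 hashes:\s+len = (\d+)")
ROW0 = re.compile(r"0000: ((?:[0-9A-F]{2}\s+){9})")


def version_name(major, minor):
    return ORDER[minor] if major == 3 and minor < len(ORDER) else "unknown"


def offered_versions(log):
    """Return [(hello_format, client_version)] for each ClientHello dump in the log."""
    found, expected = [], None
    for line in log.splitlines():
        m = LEN.match(line)
        if m:
            expected = int(m.group(1))  # size of the handshake message dumped next
            continue
        m = ROW0.match(line)
        if not m or expected is None:
            continue
        b = bytes(int(x, 16) for x in m.group(1).split())
        u16 = lambda i: int.from_bytes(b[i:i + 2], "big")
        if b[0] == 1 and int.from_bytes(b[1:4], "big") + 4 == expected:
            # TLS handshake header: type(1) length(3) client_version(2)
            found.append(("TLS", version_name(b[4], b[5])))
        elif b[0] == 1 and 9 + u16(3) + u16(5) + u16(7) == expected:
            # SSLv2-format hello: type(1) version(2) then three 2-byte lengths
            found.append(("SSLv2-format", version_name(b[1], b[2])))
        expected = None
    return found


def diagnose(log, server_min="TLSv1.2"):
    """Compare the highest version the client offered with the server's minimum."""
    hellos = offered_versions(log)
    known = [v for _, v in hellos if v in ORDER]
    best = max(known, key=ORDER.index) if known else None
    return {
        "hellos": hellos,
        "max_offered": best,
        "below_server_min": best is not None and ORDER.index(best) < ORDER.index(server_min),
        "reset_after_hello": bool(hellos) and "Connection reset" in log,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_DEBUG))
```

On the question's log this reports TLSv1 as the highest version offered, below the 1.2 the server was set to, with the connection reset following the hello.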