自由例外 SSLv3
Liberty Exception SSLv3
谁能告诉我如何在 liberty 20.0.0.12 上解决这个问题
[ERROR ] CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.negotiateProtocol(ClientHello.java:880)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:832)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:810)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:450)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1078)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1012)
at com.ibm.ws.channel.ssl.internal.SSLUtils.handleHandshake(SSLUtils.java:751)
at [internal classes]
.
我在互联网上搜索但找不到解决此问题的方法!
问题 1) 此异常是针对 Liberty 引擎还是我的 JaxRS 客户端请求?
@Singleton
@TransactionManagement(TransactionManagementType.BEAN)
public class BinanceService {
@Inject
private Logger logger;
@EJB
private StatisticDAO statisticDAO;
private Client client;
private WebTarget target;
@PostConstruct
public void init() {
try {
SSLContext sc = SSLContext.getDefault();
SSLParameters sslParameters = sc.getSupportedSSLParameters();
sslParameters.setProtocols(new String[]{"SSLv1.2", "SSLv3"});
TrustManager[] trustAllCerts = {new InsecureTrustManager()};
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HostnameVerifier allHostsValid = new InsecureHostnameVerifier();
client = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build();
target = client.target("https://api.binance.com");
} catch (Exception e) {
e.printStackTrace();
}
}
public List<String> exchangeInfo() {
List<String> list = new ArrayList<>();
try {
Response response = target.path("/api/v3/exchangeInfo")
.request(MediaType.APPLICATION_JSON_TYPE)
.get();
JsonObject jsonObject = response.readEntity(JsonObject.class);
JsonArray symbolsArray = jsonObject.get("symbols").asJsonArray();
for (JsonValue symbolJson : symbolsArray) {
String symbol = symbolJson.asJsonObject().getString("symbol");
String baseAsset = symbolJson.asJsonObject().getString("baseAsset");
if (baseAsset.endsWith("DOWN") || baseAsset.endsWith("UP")) {
continue;
}
String finaSymbolName = baseAsset + "/" + symbol.substring(baseAsset.length());
list.add(finaSymbolName);
}
} catch (Exception e) {
logger.finer("Failed to fetch binance symbols");
}
return list;
}
public void fetchAndSaveAllSymbols() {
List<String> list = exchangeInfo();
logger.info(String.format("fetch and save %d symbols", list.size()));
statisticDAO.bulkInsert(list);
}
}
注意:我手动生成了PKCS12:
keytool -genkeypair -alias "cs-key" -keystore "cs.jks" -dname "CN=test.local" -keyalg RSA -storepass "mah123456" -validity 365
keytool -importkeystore -srckeystore cs.jks -srcstorepass "mah123456" -destkeystore key.p12 -deststorepass "mah123456" -deststoretype PKCS12
问题 2:如何解决这个问题?
您的服务器 Java SDK likely/smartly 通过 java.security 中的 jdk.tls.disabledAlgorithms 阻止了过时的 SSLv3。使您的 SSL 客户端现代化或在 java.security.
的服务器中允许不安全的 SSLv3
谁能告诉我如何在 liberty 20.0.0.12 上解决这个问题
[ERROR ] CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.negotiateProtocol(ClientHello.java:880)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:832)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:810)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:450)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1078)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1012)
at com.ibm.ws.channel.ssl.internal.SSLUtils.handleHandshake(SSLUtils.java:751)
at [internal classes]
.
我在互联网上搜索但找不到解决此问题的方法!
问题 1) 此异常是针对 Liberty 引擎还是我的 JaxRS 客户端请求?
@Singleton
@TransactionManagement(TransactionManagementType.BEAN)
public class BinanceService {
@Inject
private Logger logger;
@EJB
private StatisticDAO statisticDAO;
private Client client;
private WebTarget target;
@PostConstruct
public void init() {
try {
SSLContext sc = SSLContext.getDefault();
SSLParameters sslParameters = sc.getSupportedSSLParameters();
sslParameters.setProtocols(new String[]{"SSLv1.2", "SSLv3"});
TrustManager[] trustAllCerts = {new InsecureTrustManager()};
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HostnameVerifier allHostsValid = new InsecureHostnameVerifier();
client = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build();
target = client.target("https://api.binance.com");
} catch (Exception e) {
e.printStackTrace();
}
}
public List<String> exchangeInfo() {
List<String> list = new ArrayList<>();
try {
Response response = target.path("/api/v3/exchangeInfo")
.request(MediaType.APPLICATION_JSON_TYPE)
.get();
JsonObject jsonObject = response.readEntity(JsonObject.class);
JsonArray symbolsArray = jsonObject.get("symbols").asJsonArray();
for (JsonValue symbolJson : symbolsArray) {
String symbol = symbolJson.asJsonObject().getString("symbol");
String baseAsset = symbolJson.asJsonObject().getString("baseAsset");
if (baseAsset.endsWith("DOWN") || baseAsset.endsWith("UP")) {
continue;
}
String finaSymbolName = baseAsset + "/" + symbol.substring(baseAsset.length());
list.add(finaSymbolName);
}
} catch (Exception e) {
logger.finer("Failed to fetch binance symbols");
}
return list;
}
public void fetchAndSaveAllSymbols() {
List<String> list = exchangeInfo();
logger.info(String.format("fetch and save %d symbols", list.size()));
statisticDAO.bulkInsert(list);
}
}
注意:我手动生成了PKCS12:
keytool -genkeypair -alias "cs-key" -keystore "cs.jks" -dname "CN=test.local" -keyalg RSA -storepass "mah123456" -validity 365
keytool -importkeystore -srckeystore cs.jks -srcstorepass "mah123456" -destkeystore key.p12 -deststorepass "mah123456" -deststoretype PKCS12
问题 2:如何解决这个问题?
您的服务器 Java SDK likely/smartly 通过 java.security 中的 jdk.tls.disabledAlgorithms 阻止了过时的 SSLv3。使您的 SSL 客户端现代化或在 java.security.
的服务器中允许不安全的 SSLv3