使用IBM JDK而非TLS 1.2构建Gradle

2w3rbyxf  于 2023-03-03  发布在  其他
关注(0)|答案(2)|浏览(146)

我们从Jenkins调用gradle构建,使用的Java是IBM java 1.8。构建完成后,打包的ear文件应该发布在Artifactory上,但在此失败,因为它使用的是TLSv1,而Artifactory服务器使用的是TLSv1.2(接收TLSv1.2警报:我们已经指定了一些参数来尝试强制它使用TLSv1.2,但是没有效果。
如果我们简单地将Java从IBM java切换到OpenJDK,那么一切都可以正常工作,但我们必须使用IBM JDK。
以下是摘录自日志,任何见解将不胜感激。

16:37:27  BUILD_ID=52
16:37:27  JAVA_TOOL_OPTIONS=-Duser.home=/home/jenkins -Dhttps.protocols=TLSv1.2 -Dcom.ibm.jsse2.overrideDefaultTLS=true -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12 -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.debug=all -Djavax.net.debug=all  -Dcom.ibm.jsse2.disablesslv3=false -Djdk.tls.client.protocols=TLSv1.2 -Dhttps.protocols=TLSv1.2 -Djdk.tls.disabledAlgorithms=SSLv3,TLSv1,TLSv1.1

16:39:49  jdk.tls.client.protocols is defined as TLSv1.2
16:39:49  SSLv3 protocol was requested but was not enabled
16:39:49  SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
16:39:49  SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
16:39:49  CLIENT_DEFAULT: [TLSv1.2]
16:39:49  IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
16:39:49  IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
16:39:49  IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
16:39:49  IBMJSSE2 will allow client initiated renegotiation per jdk.tls.rejectClientInitiatedRenegotiation set to FALSE or default
16:39:49  IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default
16:39:49  
16:39:49  Is initial handshake: true
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
16:39:49  %% No cached client session
16:39:49  *** ClientHello, TLSv1
16:39:49  RandomCookie:  GMT: 1595384853 bytes = { 107, 178, 131, 155, 114, 248, 46, 134, 176, 84, 230, 191, 243, 124, 238, 63, 233, 106, 234, 197, 151, 26, 164, 199, 46, 116, 65, 30 }
16:39:49  Session ID:  {}
16:39:49  Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA]
16:39:49  Compression Methods:  { 0 }
16:39:49  Extension elliptic_curves, curve names: {secp256r1, secp192r1, secp224r1, secp384r1, secp521r1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp256k1}
16:39:49  Extension ec_point_formats, formats: [uncompressed]
16:39:49  Extension server_name, server_name: [type=host_name (0), value=artifactory..xxx.xxx]
16:39:49  ***
16:39:49  [write] MD5 and SHA1 hashes:  len = 123

16:39:49  [Raw read]: length = 2
16:39:49  0000: 02 46                                              .F
16:39:49  
16:39:49  pool-1-thread-1, READ: TLSv1 Alert, length = 2
16:39:49  pool-1-thread-1, RECV TLSv1.2 ALERT:  fatal, protocol_version
**16:39:49  pool-1-thread-1, called closeSocket()
16:39:49  pool-1-thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version
16:39:49  Error occurred for request GET /artifactory/api/system/version HTTP/1.1: Received fatal alert: protocol_version.**```
m528fe3b

m528fe3b1#

尝试更新您的gradle.properties,使其具有:
默认TLS =真

piztneat

piztneat2#

在你的异常堆栈中,它被提到

"16:39:49  jdk.tls.client.protocols is defined as TLSv1.2
16:39:49  **SSLv3 protocol was requested but was not enabled**"

并且在您的命令行选项中提到**"-Djdk.tls.disabledAlgorithms= SSLv 3,TLSv 1,TLSv1.1”**
你可以尝试删除这个属性“-Djdk.tls.disabledAlgorithms= SSLv 3,TLSv 1,TLSv1.1”并测试你的应用程序.

相关问题