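I have a test server written in Java that supports TLS 1.3 (checked with the command:
openssl ciphers -v | grep TLSv1.3
Result: New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384)
But when the client, Apache Camel, tries to send a POST to the server, the server's response is ERROR. Here is the full response log: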
javax.net.ssl.SSLHandshakeException: No available authentication scheme
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.984 CEST|HandshakeContext.java:304|No available cipher suite for TLS12
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.984 CEST|HandshakeContext.java:304|No available cipher suite for TLS11
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.985 CEST|HandshakeContext.java:304|No available cipher suite for TLS10
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.985 CEST|ClientHello.java:678|Consuming ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "DE B4 7F B8 C1 A8 D2 C7 4E 4B 2F 1B E1 EE CC F3 8B E7 1C BC 39 DC 96 4F 22 9B E6 B4 F7 95 34 67",
"session id" : "D2 7F 38 74 C4 C1 CD AF FB 04 EB DC FA 33 66 C2 4D 16 7C 2C 7C 13 6A 99 B0 99 26 1B 31 26 74 10",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=myHostname
},
"supported_groups (10)": {
"versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"extended_master_secret (23)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": secp256r1
"key_exchange": {
0000: 04 55 5F F8 49 33 A5 E6 1C 98 99 D2 0C A2 70 B7 .U_.I3........p.
0010: B7 F2 D9 1D A4 4C D8 44 61 F6 98 77 FB 38 A4 E9 .....L.Da..w.8..
0020: CC 3D 58 1C AF 99 CA 70 3B 2A E1 95 BC CB 89 27 .=X....p;*.....'
0030: 72 4E DE 2F A3 7B C6 62 49 7B 1C B3 23 E5 D6 F7 rN./...bI...#...
0040: 71
}
},
]
}
]
}
)
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|ClientHello.java:708|Negotiated protocol version: TLSv1.3
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: psk_key_exchange_modes
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|PreSharedKeyExtension.java:804|Handling pre_shared_key absence.
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|ServerNameExtension.java:327|no server name matchers, ignore server name indication
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: server_name
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:173|Ignore unavailable extension: status_request
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: supported_groups
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:163|Ignore unsupported extension: ec_point_formats
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: signature_algorithms
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: signature_algorithms_cert
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:163|Ignore unsupported extension: status_request_v2
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:163|Ignore unsupported extension: extended_master_secret
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:173|Ignore unavailable extension: cookie
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:173|Ignore unavailable extension: certificate_authorities
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|SSLExtensions.java:192|Consumed extension: key_share
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:163|Ignore unsupported extension: renegotiation_info
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:207|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha256
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SignatureScheme.java:428|Unsupported signature scheme: ecdsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SignatureScheme.java:428|Unsupported signature scheme: rsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.987 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha1
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.987 CEST|SSLExtensions.java:224|Populated with extension: signature_algorithms
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha256
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SignatureScheme.java:428|Unsupported signature scheme: ecdsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SignatureScheme.java:428|Unsupported signature scheme: rsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha224
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SignatureScheme.java:428|Unsupported signature scheme: dsa_sha1
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:224|Populated with extension: signature_algorithms_cert
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:207|Ignore unavailable extension: cookie
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: psk_key_exchange_modes
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.988 CEST|SSLExtensions.java:207|Ignore unavailable extension: certificate_authorities
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.989 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: key_share
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.989 CEST|SSLExtensions.java:207|Ignore unavailable extension: pre_shared_key
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.989 CEST|ServerHello.java:714|use cipher suite TLS_AES_256_GCM_SHA384
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.990 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.990 CEST|ServerHello.java:573|Produced ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "48 8F 4B 44 8B 85 28 1B 47 D1 7F 97 71 69 A9 F3 41 C5 C5 D6 4A 68 3F 95 BE 87 46 E5 9B 7A D1 10",
"session id" : "D2 7F 38 74 C4 C1 CD AF FB 04 EB DC FA 33 66 C2 4D 16 7C 2C 7C 13 6A 99 B0 99 26 1B 31 26 74 10",
"cipher suite" : "TLS_AES_256_GCM_SHA384(0x1302)",
"compression methods" : "00",
"extensions" : [
"supported_versions (43)": {
"selected version": [TLSv1.3]
},
"key_share (51)": {
"server_share": {
"named group": secp256r1
"key_exchange": {
0000: 04 06 7F 37 27 51 3F BE D3 FF 4D B0 D3 36 9D 22 ...7'Q?...M..6."
0010: 4D 56 DC 03 4D 2B C2 D7 35 4C 96 31 D9 F2 3A 70 MV..M+..5L.1..:p
0020: 37 DE 91 17 7B C4 3B 24 DC 07 BD 99 23 B9 B7 18 7.....;$....#...
0030: FC 01 06 F6 98 76 8D 34 A2 55 3C 95 DC 93 D5 C8 .....v.4.U<.....
0040: 59
}
},
}
]
}
)
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.992 CEST|SSLCipher.java:1817|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.992 CEST|SSLCipher.java:1971|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.992 CEST|ServerNameExtension.java:537|No expected server name indication response
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.992 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: server_name
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.992 CEST|MaxFragExtension.java:463|Ignore unavailable max_fragment_length extension
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.992 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: max_fragment_length
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.993 CEST|AlpnExtension.java:384|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.993 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.993 CEST|EncryptedExtensions.java:137|Produced EncryptedExtensions message (
"EncryptedExtensions": [
"supported_groups (10)": {
"versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
}
]
)
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: ecdsa_secp256r1_sha256
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: ecdsa_secp384r1_sha384
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: ecdsa_secp521r1_sha512
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_rsae_sha256
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_rsae_sha384
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_rsae_sha512
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_pss_sha256
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_pss_sha384
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_pss_sha512
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pkcs1_sha256
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pkcs1_sha384
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pkcs1_sha512
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: ecdsa_sha1
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.995 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pkcs1_sha1
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.995 CEST|CertificateMessage.java:1093|No available authentication scheme
javax.net.ssl|SEVERE|01|main|2023-08-11 13:58:40.996 CEST|TransportContext.java:323|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
"throwable" : {
javax.net.ssl.SSLHandshakeException: No available authentication scheme
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:318)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:274)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:265)
at sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972)
at sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961)
at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
at sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1141)
at sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1077)
at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:714)
at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:682)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:822)
at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:73)
at sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:913)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
at java.io.InputStreamReader.read(InputStreamReader.java:184)
at java.io.BufferedReader.fill(BufferedReader.java:161)
at java.io.BufferedReader.readLine(BufferedReader.java:324)
at java.io.BufferedReader.readLine(BufferedReader.java:389)
at HttpsServerExample2.main(HttpsServerExample2.java:39)}
)
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.996 CEST|SSLSocketImpl.java:1619|close the underlying socket
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.996 CEST|SSLSocketImpl.java:1638|close the SSL connection (initiative)
javax.net.ssl.SSLHandshakeException: No available authentication scheme
javax.net.ssl|FINE|01|main|2023-08-11 14:03:12.919 CEST|HandshakeContext.java:304|No available cipher suite for TLS12
javax.net.ssl|FINE|01|main|2023-08-11 14:03:12.919 CEST|HandshakeContext.java:304|No available cipher suite for TLS11
javax.net.ssl|FINE|01|main|2023-08-11 14:03:12.920 CEST|HandshakeContext.java:304|No available cipher suite for TLS10
javax.net.ssl|FINE|01|main|2023-08-11 14:03:12.924 CEST|ClientHello.java:678|Consuming ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "D9 5E 2E A6 63 EE 12 27 49 40 05 21 F0 6B CD 0A 7F 0E F4 A6 71 6D A6 D4 96 4A FD F6 A5 07 5E 85",
"session id" : "0F 75 30 B1 4A 7B 71 A0
Apache Camel still uses TLSv1.2. How do I upgrade to 1.3? Do I need to upgrade Java? My Java and OpenSSL versions are:
java -version
openjdk version "1.8.0_382"
OpenJDK Runtime Environment Corretto-8.382.05.1 (build 1.8.0_382-b05)
OpenJDK 64-Bit Server VM Corretto-8.382.05.1 (build 25.382-b05, mixed mode)
[root@myHostname tls1.3_python_java]# openssl version
OpenSSL 1.1.1v  1 Aug 2023 (Library: OpenSSL 1.1.1o  3 May 2022)
I want TLS 1.3 as the communication encryption protocol, not TLS 1.2.
EDIT: I added TLSv1.2 to the java.security file to disable it, and restarted Camel:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, TLSv1.2, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Result: the same error. Should I somehow restart Java after editing the java.security file?
1 Answer
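Maybe I'm confused. You are asking for TLS_AES_256_GCM_SHA384, which is TLS v1.3, but you set the TLS version to 1.2. Your server appears to have TLS v1.3.
In any case, the preferred way to restrict TLS versions is to edit the Java java.security file and disable them: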
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves
Add TLSv1.2 to the list (if it is not there yet) and see what happens.
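As an added example (not part of the question or the answer), a Python triage of the `javax.net.debug` record format shown in the question: it extracts the negotiated version, the chosen cipher suite, the fatal alert, and the key types for which no server certificate was selected. The sample lines are an excerpt of the question's log; the function names and the category labels returned by `diagnose` are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the debug log quoted in the question (only the relevant records).
SAMPLE_LOG = """\
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.984 CEST|HandshakeContext.java:304|No available cipher suite for TLS12
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.986 CEST|ClientHello.java:708|Negotiated protocol version: TLSv1.3
javax.net.ssl|FINE|01|main|2023-08-11 13:58:40.989 CEST|ServerHello.java:714|use cipher suite TLS_AES_256_GCM_SHA384
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: ecdsa_secp256r1_sha256
javax.net.ssl|ALL|01|main|2023-08-11 13:58:40.993 CEST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2023-08-11 13:58:40.993 CEST|CertificateMessage.java:1083|Unavailable authentication scheme: rsa_pss_rsae_sha256
javax.net.ssl|SEVERE|01|main|2023-08-11 13:58:40.996 CEST|TransportContext.java:323|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
"throwable" : {
"""

# Record layout: logger|level|thread id|thread name|timestamp|source|message
RECORD = re.compile(
    r"^javax\.net\.ssl\|(?P<level>[A-Z]+)\|[^|]*\|[^|]*\|"
    r"(?P<ts>[^|]*)\|(?P<src>[^|]*)\|(?P<msg>.*)$"
)
FATAL = re.compile(r"Fatal \((\w+)\): (.*?)(?: \()?$")


def triage(text):
    """Collect the handshake facts needed to explain a server-side failure."""
    report = {"version": None, "cipher_suite": None, "fatal": None,
              "key_types_without_cert": Counter(), "rejected_schemes": []}
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # continuation lines: message dumps, stack frames
        msg = m.group("msg")
        if msg.startswith("Negotiated protocol version: "):
            report["version"] = msg.split(": ", 1)[1]
        elif msg.startswith("use cipher suite "):
            report["cipher_suite"] = msg.rsplit(" ", 1)[1]
        elif msg.startswith("No X.509 cert selected for "):
            report["key_types_without_cert"][msg.rsplit(" ", 1)[1]] += 1
        elif msg.startswith("Unavailable authentication scheme: "):
            report["rejected_schemes"].append(msg.split(": ", 1)[1])
        elif msg.startswith("Fatal ("):
            f = FATAL.match(msg)
            if f:
                report["fatal"] = (f.group(1), f.group(2))
    return report


def diagnose(report):
    """Map the collected facts to a coarse category (labels are this example's own)."""
    fatal = report["fatal"]
    if fatal is None:
        return "no-failure-seen"
    if fatal[1] == "No available authentication scheme" and report["key_types_without_cert"]:
        return "server-credentials"  # no certificate was selected for any offered scheme
    return "other-handshake-failure"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result, diagnose(result))
```

On the excerpt it reports TLSv1.3 as already negotiated and the fatal alert raised while the server was choosing its own certificate, which points at the keystore and key manager the server was started with.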