我的一個測驗工具(我只有二進制檔案)使用 java 進行 TLS 通信。由于標準 java 不提供支持,因此 Bouncy Castle 用于使用 CCM 的密碼。配置 Bouncy Castle 后,我的工具適用于大多數 CCM 相關密碼(例如:TLS_DHE_RSA_WITH_AES_128_CCM)。但是,該工具無法用于 TLS_RSA_WITH_AES_128_CCM 密碼套件。
以下是錯誤跟蹤:
14:34:15.350 INFO - Start TCP Listener on 0.0.0.0/0.0.0.0:10075 14:34:23.818 INFO - Accept connection Socket[addr=/127.0.0.1,port=53357,localport=10075] 14:34:23.831 DEBUG
- /127.0.0.1:10075<-/127.0.0.1:53357(1): enter state: Sta2 - Transport connection open May 02, 2022 2:34:23 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised INFO: Server raised fatal(2) handshake_failure(40) alert: Failed to read record org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite
at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.generateServerHello(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.handshakeIfNecessary(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect$AppDataInput.read(Unknown Source)
at org.dcm4che3.util.StreamUtils.readAvailable(StreamUtils.java:57)
at org.dcm4che3.util.StreamUtils.readFully(StreamUtils.java:68)
at org.dcm4che3.net.PDUDecoder.readFully(PDUDecoder.java:225)
at org.dcm4che3.net.PDUDecoder.nextPDU(PDUDecoder.java:159)
at org.dcm4che3.net.Association$2.run(Association.java:571)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
14:34:23.918 INFO - /127.0.0.1:10075<-/127.0.0.1:53357(1): i/o exception: org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite in State: Sta2 - Transport connection open
任何關于為什么這個密碼失敗而 TLS_DHE_RSA_WITH_AES_128_CCM 有效的指標?
提前致謝。
uj5u.com熱心網友回復:
在 BouncyCastle github 論壇的幫助下,我找到了該問題的解決方案。它需要執行 2 個額外的步驟:
- 將 bcpkix-$version.jar 復制到 %JAVA_HOME%\lib\ext 路徑
- 更新 java.security 檔案中的 ssl.KeyManagerFactory.algorithm=PKIX
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/471161.html
下一篇:安全與腳本
