自由例外SSLv3

Question

有人向我解释如何在自由上解决这个问题

[ERROR   ] CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.negotiateProtocol(ClientHello.java:880)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:832)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:810)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:450)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1078)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1012)
        at com.ibm.ws.channel.ssl.internal.SSLUtils.handleHandshake(SSLUtils.java:751)
        at [internal classes]
.

我在网上搜索，但找不到解决这个问题的办法！

问题1)这个例外是针对自由引擎还是我的JaxRS客户端请求？

@Singleton
@TransactionManagement(TransactionManagementType.BEAN)
public class BinanceService {

    @Inject
    private Logger logger;

    @EJB
    private StatisticDAO statisticDAO;

    private Client client;
    private WebTarget target;

    @PostConstruct
    public void init() {
        try {
            SSLContext sc = SSLContext.getDefault();
            SSLParameters sslParameters = sc.getSupportedSSLParameters();
            sslParameters.setProtocols(new String[]{"SSLv1.2", "SSLv3"});

            TrustManager[] trustAllCerts = {new InsecureTrustManager()};
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HostnameVerifier allHostsValid = new InsecureHostnameVerifier();

            client = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build();
            target = client.target("https://api.binance.com");

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public List<String> exchangeInfo() {
        List<String> list = new ArrayList<>();
        try {
            Response response = target.path("/api/v3/exchangeInfo")
                    .request(MediaType.APPLICATION_JSON_TYPE)
                    .get();
            JsonObject jsonObject = response.readEntity(JsonObject.class);
            JsonArray symbolsArray = jsonObject.get("symbols").asJsonArray();
            for (JsonValue symbolJson : symbolsArray) {
                String symbol = symbolJson.asJsonObject().getString("symbol");
                String baseAsset = symbolJson.asJsonObject().getString("baseAsset");
                if (baseAsset.endsWith("DOWN") || baseAsset.endsWith("UP")) {
                    continue;
                }
                String finaSymbolName = baseAsset + "/" + symbol.substring(baseAsset.length());
                list.add(finaSymbolName);
            }
        } catch (Exception e) {
            logger.finer("Failed to fetch binance symbols");
        }
        return list;
    }

    public void fetchAndSaveAllSymbols() {
        List<String> list = exchangeInfo();
        logger.info(String.format("fetch and save %d symbols", list.size()));
        statisticDAO.bulkInsert(list);
    }
}   

注释：i手动生成PKCS12：

keytool -genkeypair -alias "cs-key" -keystore "cs.jks" -dname "CN=test.local" -keyalg RSA -storepass "mah123456"  -validity 365 
keytool -importkeystore -srckeystore cs.jks -srcstorepass "mah123456" -destkeystore key.p12 -deststorepass "mah123456" -deststoretype PKCS12

问题2:如何解决这个问题？

Answer 1

您的服务器Java很可能/很聪明地通过SSLv3中的jdk.tls.disabledAlgorithms阻止过时的java.security。或者使您的SSL客户端现代化，或者允许java.security服务器中的不安全的java.security。