zoukankan      html  css  js  c++  java
  • Linux新版本JDK默认禁止TLSv1和TLSv1.1的解决方法

    系统新引入了一个外部数据源,是MSSQL的,部署的时候发生错误

    错误主要信息为  :The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

    Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS12]". ClientConnectionId:1466c25e-d72e-45ee-bb57-fd49d5a309b2
            at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667)
            at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)
            at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1323)
            at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991)
            at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
            at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
            at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:138)
            at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:354)
            at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:202)
            at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:473)
            at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:554)
            ... 10 more
    Caused by: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
            at sun.security.ssl.Alert.createSSLException(Alert.java:131)

    是最新版本的java.security默认限制的原因 , 解决方法 : 

    首先找到java所在位置 : 

    [root@localhost ~]# whereis java
    java: /usr/bin/java /usr/lib/java /etc/java /usr/share/java /usr/share/man/man1/java.1.gz
    [root@localhost ~]# ll /usr/bin/java
    lrwxrwxrwx 1 root root 22 Sep 10 17:27 /usr/bin/java -> /etc/alternatives/java
    [root@localhost ~]# ll /etc/alternatives/java
    lrwxrwxrwx 1 root root 73 Sep 10 17:27 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64/jre/bin/java
    [root@localhost ~]# cd /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64/jre/

    找到lib/security/java.security 并编辑

    vim lib/security/java.security

    ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓

    #找到这段
    jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, 
        DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, 
        include jdk.disabled.namedCurves
    
    #删掉其中的TLSv1, TLSv1.1 , 改成下面这样即可
    jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, 
        DH keySize < 1024, EC keySize < 224, anon, NULL, 
       include jdk.disabled.namedCurves
  • 相关阅读:
    35.python之事件驱动模型
    33.python之操作系统,进程,线程
    VRChat之blender2.8版本设置
    VRChat模型制作及上传总篇(201912)
    linux常用指令
    java基础File的简单使用记录
    java 通过实现Comparable接口使用Collections.sort排序 及 利用set的特性对 list 进行去重
    [转发] java字符串-编码转换-工具类
    ssh服务不能远程时,使用telnet远程登录
    java中List遍历删除元素相关做法和注意事项
  • 原文地址:https://www.cnblogs.com/kreo/p/15323409.html
Copyright © 2011-2022 走看看