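Problem: the storage system used by our project system upgraded its SSL/TLS version to 1.2, and as a result this system can no longer establish an SSL connection to the storage system.
Cause: https://blog.csdn.net/tawlang/article/details/80655460
With the same keystore, a client running JDK 8 completes the TCP handshake with the peer system and establishes the SSL connection.
A client running JDK 6, however, fails the TCP handshake.
The root-cause analysis says that JDK 6 (in its lower versions) lacks an encryption algorithm needed to support TLS 1.2 communication.
Related background reading: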
Transport Layer Security (TLS)
https://www.networkworld.com/article/2303073/lan-wan-what-is-transport-layer-security-protocol.html
https://xz.aliyun.com/search?keyword=TLS
Keystore
https://www.sohu.com/a/195090448_604699
https://blog.csdn.net/wteruiycbqqvwt/article/details/90764611
Lower versions of JDK 6 do not support TLSv1.2.
Support was only implemented as of the Advanced 6u121 release.
But the Advanced JDK releases are paid......
https://www.oracle.com/technetwork/java/javase/overview-156328.html#R160_121
security-libs/javax.net.ssl
TLS v1.2 support now available
TLS v1.2 is now a TLS protocol option with the release of JDK 6u121. By default, TLSv1.0 will remain the default enabled protocol on client sockets.
As an example, both the TLSv1.1 and TLSv1.2 protocols can be enabled for use on SSL/TLS connections via SSLSocket/SSLEngine/SSLServerSocket APIs:
e.g. sslSocket.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2"});
or by setting up and using a TLSv1.2 based SSLContext :
e.g. SSLContext ctx = SSLContext.getInstance("TLSv1.2");
or by using the SSLParameters API:
e.g. sslParameters.setProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
The new jdk.tls.client.protocols System Property may also be used to control the protocols in use for a TLS connection (JDK-8151183).
One may launch their application with this property. E.g. java -Djdk.tls.client.protocols="TLSv1.2" will enable only TLSv1.2 on client SSLSockets.
Note that protocol versions specified via the new jdk.tls.client.protocols property will suppress any value set via the jdk.tls.client.enableSSLv2Hello property. SSLv2Hello can be passed to the jdk.tls.client.protocols value if necessary.
See JDK-8133817
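A diagnostic for the situation described above, added here as an example (it is not code from the original post or from Oracle): it reports whether the running JRE supports TLSv1.2 at all and, if so, applies the opt-in calls quoted in the release note. The class name Tls12Check is hypothetical, and no network connection is made.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added example (hypothetical class name): checks TLSv1.2 availability on this
// JRE and shows the client-side opt-in. Written without Java 7+ syntax so it
// also compiles on JDK 6.
public class Tls12Check {

    // True if the runtime's default SSLContext lists the protocol as supported.
    static boolean supports(String protocol) throws NoSuchAlgorithmException {
        String[] supported =
            SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        return Arrays.asList(supported).contains(protocol);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.client.protocols = "
            + System.getProperty("jdk.tls.client.protocols"));

        if (!supports("TLSv1.2")) {
            // The case from the problem statement: an old JDK 6 client.
            System.out.println("TLSv1.2 is not supported by this JRE; "
                + "the handshake with a TLS 1.2-only server will fail.");
            return;
        }

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // null arguments select the default key/trust managers and randomness;
        // pass managers built from your own keystore here instead.
        ctx.init(null, null, null);

        // Unconnected socket: enough to inspect and set the protocol list.
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
        try {
            System.out.println("enabled by default: "
                + Arrays.toString(socket.getEnabledProtocols()));
            socket.setEnabledProtocols(new String[] { "TLSv1.2" });
            System.out.println("enabled after opt-in: "
                + Arrays.toString(socket.getEnabledProtocols()));
        } finally {
            socket.close();
        }
    }
}
```

Running it under both the JDK 6 and JDK 8 clients shows which side of the failure each runtime falls on before the keystore or the server is involved.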
Background on the JDK licensing fees:
https://blog.csdn.net/Kaitiren/article/details/85066935