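We have a client who is using what appears (from reading running.txt) to be Tomcat 7.0. The problem is that when an SSL connection is requested, it doesn't seem to be able to negotiate a cipher to use with the browser.
The Connector section of server.xml: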
<Connector SSLEnabled="true" acceptCount="100" algorithm="SunX509"
ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
clientAuth="false" disableUploadTimeout="true" enableLookups="false"
keystoreFile="conf\tomcat.jks" keystorePass="password" keystoreType="MyType"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="3601"
protocol="HTTP/1.1" scheme="https" secure="true"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSL" sslImplementationName="com.corestreet.tomcat.net.SSLImplementation" sslProtocol="TLS"/>
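I've tried various entries in the ciphers attribute (taken from here), but none of them worked. The one shown above fails (when a secure page is requested) with: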
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-bio-3601-Acceptor-0, setSoTimeout(60000) called
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
No available cipher suite for TLSv1
No available cipher suite for TLSv1.1
No available cipher suite for TLSv1.2
http-bio-3601-exec-9, handling exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
http-bio-3601-exec-9, SEND TLSv1 ALERT: fatal, description = handshake_failure
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
http-bio-3601-exec-9, WRITE: TLSv1 Alert, length = 2
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
[Raw write]: length = 7
0000: Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-bio-3601-Acceptor-0, setSoTimeout(60000) called
15 03 01 00 02 02 28 No available cipher suite for TLSv1
No available cipher suite for TLSv1.1
No available cipher suite for TLSv1.2
http-bio-3601-exec-10, handling exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
http-bio-3601-exec-10, SEND TLSv1 ALERT: fatal, description = handshake_failure
http-bio-3601-exec-10, WRITE: TLSv1 Alert, length = 2
......(
http-bio-3601-exec-9, called closeSocket()
[Raw write]: length = 7
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
http-bio-3601-exec-9, IOException in getSession(): javax.net.ssl.SSLHandshakeException: No appropriate protocol
http-bio-3601-exec-9, called close()
http-bio-3601-exec-9, called closeInternal(true)
0Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
000: 15Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
03Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
01 00Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
02Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
02 28 Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-bio-3601-Acceptor-0, setSoTimeout(60000) called
......(
http-bio-3601-exec-10, called closeSocket()
No available cipher suite for TLSv1
No available cipher suite for TLSv1.1
No available cipher suite for TLSv1.2
http-bio-3601-exec-11, handling exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol
http-bio-3601-exec-10, IOException in getSession(): javax.net.ssl.SSLHandshakeException: No appropriate protocol
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
http-bio-3601-exec-10, called close()
http-bio-3601-exec-10, called closeInternal(true)
http-bio-3601-exec-11, SEND TLSv1 ALERT: fatal, description = handshake_failure
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
http-bio-3601-exec-11, WRITE: TLSv1 Alert, length = 2
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
[Raw write]: length = 7
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0000: 15Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
03Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
01 00 02 02 28 Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-bio-3601-Acceptor-0, setSoTimeout(60000) called
......(
http-bio-3601-exec-11, called closeSocket()
No available cipher suite for TLSv1
No available cipher suite for TLSv1.1
No available cipher suite for TLSv1.2
http-bio-3601-exec-12, handling exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol
http-bio-3601-exec-11, IOException in getSession(): javax.net.ssl.SSLHandshakeException: No appropriate protocol
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
http-bio-3601-exec-11, called close()
http-bio-3601-exec-11, called closeInternal(true)
http-bio-3601-exec-12, SEND TLSv1 ALERT: fatal, description = handshake_failure
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
http-bio-3601-exec-12, WRITE: TLSv1 Alert, length = 2
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
http-bio-3601-exec-12, called closeSocket()
http-bio-3601-exec-12, IOException in getSession(): javax.net.ssl.SSLHandshakeException: No appropriate protocol
http-bio-3601-exec-12, called close()
http-bio-3601-exec-12, called closeInternal(true)
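I don't understand why there are so many "Ignoring unavailable cipher suite" messages, nor do I understand how I would intelligently pick one to use. What am I missing here?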
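
Added example, not part of the original question: a small Python triage of the JSSE debug output above. It collapses the repeated "Ignoring unavailable cipher suite" lines into a unique set, checks whether the configured `ciphers` value survives, and decodes the raw alert bytes; the function names are illustrative and the sample is a short excerpt of the log in the question.

```python
import re

# Short excerpt of the JSSE debug output from the question (interleaving kept as logged).
LOG = """\
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
No available cipher suite for TLSv1
No available cipher suite for TLSv1.1
No available cipher suite for TLSv1.2
http-bio-3601-exec-9, handling exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol
000: 15Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0000: 15 03 01 00 02 02 28 ......(
"""
CONFIGURED = ["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"]  # ciphers= value in server.xml

VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 70: "protocol_version",
                71: "insufficient_security", 80: "internal_error"}

def summarize(log, configured):
    """Deduplicate the per-connection noise and test the configured suites against it."""
    ignored = sorted(set(re.findall(r"Ignoring unavailable cipher suite: (\w+)", log)))
    protocols = sorted(set(re.findall(r"No available cipher suite for (\S+)", log)))
    return {
        "ignored": ignored,
        "protocols_without_suite": protocols,
        "configured_usable": [s for s in configured if s not in ignored],
        "all_ignored_are_aes_256": all("AES_256" in s for s in ignored),
    }

def decode_alert(log):
    """Decode the first 7-byte TLS alert record found in a '[Raw write]' hex line."""
    m = re.search(r"\b((?:[0-9A-Fa-f]{2} ){6}[0-9A-Fa-f]{2})\b", log)
    if m is None:
        return None
    rec = bytes.fromhex(m.group(1))
    if rec[0] != 0x15 or int.from_bytes(rec[3:5], "big") != 2:
        return None  # not an alert record with a 2-byte body
    return {"version": VERSIONS.get((rec[1], rec[2]), "unknown"),
            "level": LEVELS.get(rec[5], rec[5]),
            "description": DESCRIPTIONS.get(rec[6], rec[6])}

if __name__ == "__main__":
    print(summarize(LOG, CONFIGURED))
    print(decode_alert(LOG))
```

An empty `configured_usable` list means the only suite named in `ciphers` is itself among the ignored ones, which matches the "No available cipher suite" lines that follow in the log.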