java - 如果在 Jetty 日志下禁用密码,JreDisabled:java.security 意味着什么
问题描述
我正在尝试使用 TLS_PSK_WITH_AES_256_CBC_SHA 在 Android 应用程序上运行 Jetty 服务器,但看到它未在启用下列出。
private static final String[] suites = {
"TLS_PSK_WITH_AES_256_CBC_SHA"
};
SslContextFactory ctxFactory = new SslContextFactory();
ctxFactory.setExcludeCipherSuites(new String[0]);
ctxFactory.setIncludeCipherSuites(suites);
下面是启动服务器后的 Jetty Dump 日志:
| +- Protocol Selections
| | +- Enabled (size=4)
| | | +- TLSv1
| | | +- TLSv1.1
| | | +- TLSv1.2
| | | +- TLSv1.3
| | +- Disabled (size=0)
| +- Cipher Suite Selections
| +- Enabled (size=0)
| +- Disabled (size=25)
| +- SSL_RSA_WITH_3DES_EDE_CBC_SHA - JreDisabled:java.security, ConfigIncluded:NotSpecified
| +- TLS_AES_128_GCM_SHA256 - ConfigIncluded:NotSpecified
| +- TLS_AES_256_GCM_SHA384 - ConfigIncluded:NotSpecified
| +- TLS_CHACHA20_POLY1305_SHA256 - ConfigIncluded:NotSpecified
| +- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - ConfigIncluded:NotSpecified
| +- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - ConfigIncluded:NotSpecified
| +- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - ConfigIncluded:NotSpecified
| +- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - ConfigIncluded:NotSpecified
| +- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ConfigIncluded:NotSpecified
| +- TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - JreDisabled:java.security, ConfigIncluded:NotSpecified
| +- TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - JreDisabled:java.security, ConfigIncluded:NotSpecified
| +- TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - JreDisabled:java.security, ConfigIncluded:NotSpecified
| +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - ConfigIncluded:NotSpecified
| +- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - ConfigIncluded:NotSpecified
| +- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - ConfigIncluded:NotSpecified
| +- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - ConfigIncluded:NotSpecified
| +- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - ConfigIncluded:NotSpecified
| +- TLS_EMPTY_RENEGOTIATION_INFO_SCSV - ConfigIncluded:NotSpecified
| +- TLS_FALLBACK_SCSV - JreDisabled:java.security, ConfigIncluded:NotSpecified
| +- TLS_PSK_WITH_AES_128_CBC_SHA - JreDisabled:java.security, ConfigIncluded:NotSpecified
| +- TLS_PSK_WITH_AES_256_CBC_SHA - JreDisabled:java.security
| +- TLS_RSA_WITH_AES_128_CBC_SHA - ConfigIncluded:NotSpecified
| +- TLS_RSA_WITH_AES_128_GCM_SHA256 - ConfigIncluded:NotSpecified
| +- TLS_RSA_WITH_AES_256_CBC_SHA - ConfigIncluded:NotSpecified
| +- TLS_RSA_WITH_AES_256_GCM_SHA384 - ConfigIncluded:NotSpecified
JreDisabled:java.security 是什么意思?Jetty 是否支持这个 TLS_PSK_WITH_AES_256_CBC_SHA 密码套件?
解决方案
这意味着您正在运行的 JRE(或 JDK)在属于该 JRE 的配置中禁用了特定的 TLS 密码套件(或 TLS 协议)。
示例:在 OpenJDK 11 上
$ grep -A2 tls.disabledAlgo $JAVA_HOME/conf/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
推荐阅读
- python - 使用 PCA 进行降维。为什么没有出现图表中的所有数字?
- r - 向 R 中的对象添加静默属性,以便除非直接检查,否则它不会打印到控制台?
- gnuplot - Gnuplot 多图轴,一个方向的等值线
- regex - 正则表达式仅在找到匹配 n+ 次时
- django - 如何限制某些用户在默认权限下查看 Django 管理员内容
- javascript - 为什么在 for 循环中第二次运行函数返回一个空字符串?
- google-cloud-platform - fastai 使用谷歌云平台
- angularjs - 动画内容在降级的 Angular 组件中提前消失
- python - 如何借助按钮在 Tkinter 中显示和隐藏密码?
- excel - VBA/Excel:在 Windows 资源管理器中搜索和过滤变量文件夹,选择一个文件夹,然后导入其文件