How to force/configure Axis2 to use TLS 1.1 or higher
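I have an application that uses Axis2-generated sources (WSDL2java client code, XMLBeans, using axis2-1.6.4) to connect to a service. It has been working well.
The service I'm connecting to will no longer accept incoming TLSv1 connections, so I need to figure out how to connect using TLSv1.1 or TLSv1.2. My client code runs on Java 1.7, and I have confirmed that the necessary support is there by creating a simple test client and running it like this:
```
java -Dhttps.protocols=TLSv1.1,TLSv1.2 TestConnect
```
After finally figuring out how to pass that flag to my (grails) site, which is the client in this case, it still doesn't seem to affect the handshake. Meaning, the socket gets reset when attempting to connect (unlike my TestConnect app, which connects just fine). Furthermore, when I also set "-Djavax.net.debug=ssl:handshake:verbose" I see that version 1.0 is still being used for the handshake: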
```
%% No cached client session
*** ClientHello, TLSv1
http-bio-8080-exec-9, WRITE: TLSv1 Handshake, length = 149
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)
http-bio-8080-exec-9, handling exception: java.net.SocketException: Connection reset
http-bio-8080-exec-9, SEND TLSv1 ALERT: fatal, description = unexpected_message
http-bio-8080-exec-9, WRITE: TLSv1 Alert, length = 2
http-bio-8080-exec-9, Exception sending alert: java.net.SocketException: Broken pipe
```
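I also finally discovered - based on the docs here - that setting https.protocols only affects connections made using the HttpsURLConnection class or via URL.openStream() operations. This leads me to suspect that axis2 is doing something else, or expects a different way to enable the same support.
Can anyone point me in the right direction? Or confirm or refute my thinking?
Here is the full stack trace(s):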
2016-02-06 13:25:06,942 [http-bio-8080-exec-9] INFO httpclient.HttpMethodDirector - I/O exception (org.apache.axis2.AxisFault) caught when processing request: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
2016-02-06 13:25:06,948 [http-bio-8080-exec-9] DEBUG httpclient.HttpMethodDirector - Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
Message: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
Line | Method
->> 430 | makeFault in org.apache.axis2.AxisFault
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 78 | writeTo in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest . . . . . in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest . . . . . in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute in ''
| 398 | executeWithRetry . . . in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod in ''
| 397 | executeMethod . . . . . in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost . . . . . . in org.apache.axis2.transport.http.HTTPSender
| 75 | send in ''
| 396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 223 | invoke in ''
| 443 | send . . . . . . . . . in org.apache.axis2.engine.AxisEngine
| 406 | send in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl . . . . . . in ''
| 165 | execute in org.apache.axis2.client.OperationClient
| 1960 | login . . . . . . . . . in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ in com.zuora.zortal.util.ZApi$$EPbyIuau
| 48 | <init> . . . . . . . . in com.zuora.zortal.repository.ZuoraRepository
| 40 | login in saaseiportal.unauthorized.LoginController
| 195 | doFilter . . . . . . . in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker . . . . . . . in java.util.concurrent.ThreadPoolExecutor
| 615 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run . . . . . . . . . . in java.lang.Thread
Caused by WstxIOException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
->> 261 | flush in com.ctc.wstx.sw.BaseStreamWriter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 50 | flush in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
| 224 | close . . . . . . . . . in org.apache.axiom.om.impl.MTOMXMLStreamWriter
| 320 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
| 1 | serializeAndConsume . . in org.apache.axiom.om.impl.llom.OMElementImpl
| 74 | writeTo in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest . . . . . in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest . . . . . in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute in ''
| 398 | executeWithRetry . . . in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod in ''
| 397 | executeMethod . . . . . in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost . . . . . . in org.apache.axis2.transport.http.HTTPSender
| 75 | send in ''
| 396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 223 | invoke in ''
| 443 | send . . . . . . . . . in org.apache.axis2.engine.AxisEngine
| 406 | send in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl . . . . . . in ''
| 165 | execute in org.apache.axis2.client.OperationClient
| 1960 | login . . . . . . . . . in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ in com.zuora.zortal.util.ZApi$$EPbyIuau
| 48 | <init> . . . . . . . . in com.zuora.zortal.repository.ZuoraRepository
| 40 | login in saaseiportal.unauthorized.LoginController
| 195 | doFilter . . . . . . . in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker . . . . . . . in java.util.concurrent.ThreadPoolExecutor
| 615 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run . . . . . . . . . . in java.lang.Thread
Caused by SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
->> 82 | flushBuffer in java.io.BufferedOutputStream
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 140 | flush in ''
| 191 | flush . . . . . . . . . in org.apache.commons.httpclient.ChunkedOutputStream
| 103 | flush in com.ctc.wstx.io.UTF8Writer
| 225 | flush . . . . . . . . . in com.ctc.wstx.sw.BufferingXmlWriter
| 259 | flush in com.ctc.wstx.sw.BaseStreamWriter
| 50 | flush . . . . . . . . . in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
| 224 | close in org.apache.axiom.om.impl.MTOMXMLStreamWriter
| 320 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
| 1 | serializeAndConsume in org.apache.axiom.om.impl.llom.OMElementImpl
| 74 | writeTo . . . . . . . . in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody . . . in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute . . . . . . . . in ''
| 398 | executeWithRetry in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod . . . . . in ''
| 397 | executeMethod in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod . . . . . in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost in org.apache.axis2.transport.http.HTTPSender
| 75 | send . . . . . . . . . in ''
| 396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 223 | invoke . . . . . . . . in ''
| 443 | send in org.apache.axis2.engine.AxisEngine
| 406 | send . . . . . . . . . in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl in ''
| 165 | execute . . . . . . . . in org.apache.axis2.client.OperationClient
| 1960 | login in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ . . . . . . in com.zuora.zortal.util.ZApi$$EPbyIuau
| 48 | <init> in com.zuora.zortal.repository.ZuoraRepository
| 40 | login . . . . . . . . . in saaseiportal.unauthorized.LoginController
| 195 | doFilter in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter . . . . . . . in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 615 | run . . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run in java.lang.Thread
Caused by SSLException: java.net.SocketException: Connection reset
->> 82 | flushBuffer in java.io.BufferedOutputStream
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 140 | flush in ''
| 191 | flush . . . . . . . . . in org.apache.commons.httpclient.ChunkedOutputStream
| 103 | flush in com.ctc.wstx.io.UTF8Writer
| 225 | flush . . . . . . . . . in com.ctc.wstx.sw.BufferingXmlWriter
| 259 | flush in com.ctc.wstx.sw.BaseStreamWriter
| 50 | flush . . . . . . . . . in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
| 232 | flush in org.apache.axiom.om.impl.MTOMXMLStreamWriter
| 318 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
| 1 | serializeAndConsume in org.apache.axiom.om.impl.llom.OMElementImpl
| 74 | writeTo . . . . . . . . in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody . . . in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute . . . . . . . . in ''
| 398 | executeWithRetry in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod . . . . . in ''
| 397 | executeMethod in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod . . . . . in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost in org.apache.axis2.transport.http.HTTPSender
| 75 | send . . . . . . . . . in ''
| 396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 223 | invoke . . . . . . . . in ''
| 443 | send in org.apache.axis2.engine.AxisEngine
| 406 | send . . . . . . . . . in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl in ''
| 165 | execute . . . . . . . . in org.apache.axis2.client.OperationClient
| 1960 | login in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ . . . . . . in com.zuora.zortal.util.ZApi$$EPbyIuau
| 48 | <init> in com.zuora.zortal.repository.ZuoraRepository
| 40 | login . . . . . . . . . in saaseiportal.unauthorized.LoginController
| 195 | doFilter in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter . . . . . . . in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 615 | run . . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run in java.lang.Thread
Caused by SocketException: Connection reset
->> 196 | read in java.net.SocketInputStream
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 122 | read in ''
| 82 | flushBuffer . . . . . . in java.io.BufferedOutputStream
| 140 | flush in ''
| 191 | flush . . . . . . . . . in org.apache.commons.httpclient.ChunkedOutputStream
| 103 | flush in com.ctc.wstx.io.UTF8Writer
| 225 | flush . . . . . . . . . in com.ctc.wstx.sw.BufferingXmlWriter
| 259 | flush in com.ctc.wstx.sw.BaseStreamWriter
| 50 | flush . . . . . . . . . in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
| 232 | flush in org.apache.axiom.om.impl.MTOMXMLStreamWriter
| 318 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
| 1 | serializeAndConsume in org.apache.axiom.om.impl.llom.OMElementImpl
| 74 | writeTo . . . . . . . . in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody . . . in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute . . . . . . . . in ''
| 398 | executeWithRetry in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod . . . . . in ''
| 397 | executeMethod in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod . . . . . in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost in org.apache.axis2.transport.http.HTTPSender
| 75 | send . . . . . . . . . in ''
| 396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 223 | invoke . . . . . . . . in ''
| 443 | send in org.apache.axis2.engine.AxisEngine
| 406 | send . . . . . . . . . in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl in ''
| 165 | execute . . . . . . . . in org.apache.axis2.client.OperationClient
| 1960 | login in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ . . . . . . in com.zuora.zortal.util.ZApi$$EPbyIuau
| 48 | <init> in com.zuora.zortal.repository.ZuoraRepository
| 40 | login . . . . . . . . . in saaseiportal.unauthorized.LoginController
| 195 | doFilter in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter . . . . . . . in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 615 | run . . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run in java.lang.Thread
This problem only occurs with Java 7; with Java 8, TLSv1.2 is used by default (source).
You need to create an SSLSocketFactory. I have pushed a pull request to the Zuora SDK that does this, here:
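```java
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;

String TLS_VERSION = "TLSv1.2";
SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory socketFactory;
try {
    // ALLOW_ALL_HOSTNAME_VERIFIER skips host name matching in both branches
    if (Boolean.valueOf(((String) ZConfig.getInstance().getVal("ssl.verify.peer")).toLowerCase())) {
        socketFactory = new SSLSocketFactory(TLS_VERSION, null, null, null, null, null,
                SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    } else {
        // this TrustStrategy accepts every certificate chain without validating it
        socketFactory = new SSLSocketFactory(TLS_VERSION, null, null, null, null, new TrustStrategy() {
            @Override
            public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                return true;
            }
        }, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }
    // need both http and https
    registry.register(new Scheme("https", 443, socketFactory));
} catch (GeneralSecurityException e) {
    // the SSLSocketFactory constructor throws checked security exceptions
    throw new IllegalStateException("Could not create " + TLS_VERSION + " socket factory", e);
}
```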
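Perfect answer! I found a similar answer in my comment, but fixing the Zuora SDK is another, better option! Thanks! – user3033893
Well, I found a solution. I imported a custom SSLSocketFactory as suggested by [these docs](http://hc.apache.org/httpclient-3.x/sslguide.html). If you're lazy (like me), I went looking for someone who had already done it and found [this](https://gist.github.com/fkrauthan/ac8624466a4dee4fd02f). It needed a few small changes (implementing the apache SecureProtocolSocketFactory). Finally, *somewhere in my application* I call `Protocol.registerProtocol("https", new Protocol("https", new TLSSocketFactory(), 443));` At some point I should just update my axis2 stuff to something newer... – user3033893
Did you get a chance to deal with Zuora blocking TLS 1.0? – sguzman
Your solution works for me! "new Protocol" seems to be deprecated, but at this point I don't care. – sguzman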
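A hardened variant of the approach in user3033893's comment, added here as an example and not code from the thread, the linked gist or the Zuora SDK: a commons-httpclient 3.x `SecureProtocolSocketFactory` that offers only TLSv1.1/TLSv1.2 while keeping the JVM's default certificate validation and turning on JSSE host name checking. The class name `Tls12ProtocolSocketFactory` and its `register()` helper are hypothetical; it assumes Java 7 and the commons-httpclient 3.x visible in the stack trace.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
// Added example; the class name is hypothetical. Targets commons-httpclient 3.x on Java 7.
public class Tls12ProtocolSocketFactory implements SecureProtocolSocketFactory {
    private static final String[] PROTOCOLS = {"TLSv1.1", "TLSv1.2"};
    // JVM default factory: certificate chains are validated against the default trust store.
    private final SSLSocketFactory delegate = (SSLSocketFactory) SSLSocketFactory.getDefault();

    // Runs before the handshake, which JSSE starts lazily on first I/O.
    private static Socket harden(Socket socket) {
        SSLSocket ssl = (SSLSocket) socket;
        SSLParameters p = ssl.getSSLParameters();
        p.setProtocols(PROTOCOLS);                     // TLSv1 is no longer offered
        p.setEndpointIdentificationAlgorithm("HTTPS"); // JSSE checks the certificate's host name
        ssl.setSSLParameters(p);
        return ssl;
    }
    public Socket createSocket(String host, int port) throws IOException {
        return harden(delegate.createSocket(host, port));
    }
    public Socket createSocket(String host, int port, InetAddress local, int localPort) throws IOException {
        return harden(delegate.createSocket(host, port, local, localPort));
    }
    public Socket createSocket(String host, int port, InetAddress local, int localPort,
            HttpConnectionParams params) throws IOException {
        int timeout = (params == null) ? 0 : params.getConnectionTimeout(); // 0 = no timeout
        Socket plain = new Socket();                   // honour the connect timeout, then layer TLS
        plain.bind(new InetSocketAddress(local, localPort));
        plain.connect(new InetSocketAddress(host, port), timeout);
        return createSocket(plain, host, port, true);
    }
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        return harden(delegate.createSocket(socket, host, port, autoClose));
    }
    // Call once at startup. The cast selects the non-deprecated Protocol constructor.
    public static void register() {
        Protocol.registerProtocol("https",
            new Protocol("https", (ProtocolSocketFactory) new Tls12ProtocolSocketFactory(), 443));
    }
}
```

`Protocol.registerProtocol` applies to every `https` request made through commons-httpclient 3.x in the same class loader, so other clients sharing the library pick up the restriction too. Re-running with `-Djavax.net.debug=ssl:handshake:verbose` should then show `*** ClientHello, TLSv1.2` instead of `TLSv1`.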