2017-10-06 19 views
0

I am trying to use SSL in my web application. When I access https://127.0.0.1:8443, I get javax.net.ssl.SSLHandshakeException: no cipher suites in common. I get the "no cipher suites in common" error in a Spring Boot application with the Undertow servlet container.

I am using a servlet container.

I generated the keystore using the following command:

keytool -genkey -alias API -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650

The following is my Spring Boot configuration:

server:
    port: 8443
    ssl:
     key-store: keystore.p12
     key-store-password: PASSWD
     key-password: PASSWD
     keyAlias: API
     key-store-type: PKCS12

How can I resolve this error?

Some unsupported extension messages are shown in the logs. Are they important, or can they be ignored?

Using SSLEngineImpl. 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
Allow unsafe renegotiation: true 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 
[Raw read]: length = 5 
0000: 16 03 01 00 AE          ..... 
[Raw read]: length = 174 
0000: 01 00 00 AA 03 03 D6 77 1F 2F 88 5D 31 C6 40 69 .......w./.]1.@i
0010: 8D 78 38 FA 16 4E 19 C4 D5 43 34 91 35 2A 2A 7C .x8..N...C4.5**. 
0020: 77 B4 E8 71 E8 5B 00 00 1C DA DA C0 2B C0 2F C0 w..q.[......+./. 
0030: 2C C0 30 CC A9 CC A8 C0 13 C0 14 00 9C 00 9D 00 ,.0............. 
0040: 2F 00 35 00 0A 01 00 00 65 1A 1A 00 00 FF 01 00 /.5.....e....... 
0050: 01 00 00 17 00 00 00 23 00 00 00 0D 00 14 00 12 .......#........ 
0060: 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 ................ 
0070: 02 01 00 05 00 05 01 00 00 00 00 00 12 00 00 00 ................ 
0080: 10 00 0E 00 0C 02 68 32 08 68 74 74 70 2F 31 2E ......h2.http/1. 
0090: 31 75 50 00 00 00 0B 00 02 01 00 00 0A 00 0A 00 1uP............. 
00A0: 08 7A 7A 00 1D 00 17 00 18 2A 2A 00 01 00  .zz......**... 
XNIO-3 I/O-1, READ: TLSv1 Handshake, length = 174 
*** ClientHello, TLSv1.2 
RandomCookie: GMT: -696836305 bytes = { 136, 93, 49, 198, 64, 105, 141, 120, 56, 250, 22, 78, 25, 196, 213, 67, 52, 145, 53, 42, 42, 124, 119, 180, 232, 113, 232, 91 } 
Session ID: {} 
Cipher Suites: [Unknown 0xda:0xda, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA] 
Compression Methods: { 0 } 
Unsupported extension type_6682, data: 
Extension renegotiation_info, renegotiated_connection: <empty> 
Unsupported extension type_23, data: 
Unsupported extension type_35, data: 
Extension signature_algorithms, signature_algorithms: SHA256withECDSA, Unknown (hash:0x8, signature:0x4), SHA256withRSA, SHA384withECDSA, Unknown (hash:0x8, signature:0x5), SHA384withRSA, Unknown (hash:0x8, signature:0x6), SHA512withRSA, SHA1withRSA 
Unsupported extension status_request, data: 01:00:00:00:00 
Unsupported extension type_18, data: 
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31 
Unsupported extension type_30032, data: 
Extension ec_point_formats, formats: [uncompressed] 
Extension elliptic_curves, curve names: {unknown curve 31354, unknown curve 29, secp256r1, secp384r1} 
Unsupported extension type_10794, data: 00 
*** 
[read] MD5 and SHA1 hashes: len = 174 
0000: 01 00 00 AA 03 03 D6 77 1F 2F 88 5D 31 C6 40 69 .......w./.]1.@i
0010: 8D 78 38 FA 16 4E 19 C4 D5 43 34 91 35 2A 2A 7C .x8..N...C4.5**. 
0020: 77 B4 E8 71 E8 5B 00 00 1C DA DA C0 2B C0 2F C0 w..q.[......+./. 
0030: 2C C0 30 CC A9 CC A8 C0 13 C0 14 00 9C 00 9D 00 ,.0............. 
0040: 2F 00 35 00 0A 01 00 00 65 1A 1A 00 00 FF 01 00 /.5.....e....... 
0050: 01 00 00 17 00 00 00 23 00 00 00 0D 00 14 00 12 .......#........ 
0060: 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 ................ 
0070: 02 01 00 05 00 05 01 00 00 00 00 00 12 00 00 00 ................ 
0080: 10 00 0E 00 0C 02 68 32 08 68 74 74 70 2F 31 2E ......h2.http/1. 
0090: 31 75 50 00 00 00 0B 00 02 01 00 00 0A 00 0A 00 1uP............. 
00A0: 08 7A 7A 00 1D 00 17 00 18 2A 2A 00 01 00  .zz......**... 
%% Initialized: [Session-7, SSL_NULL_WITH_NULL_NULL] 
XNIO-3 task-7, fatal error: 40: no cipher suites in common 
javax.net.ssl.SSLHandshakeException: no cipher suites in common 
%% Invalidated: [Session-7, SSL_NULL_WITH_NULL_NULL] 
XNIO-3 task-7, SEND TLSv1.2 ALERT: fatal, description = handshake_failure 
XNIO-3 task-7, WRITE: TLSv1.2 Alert, length = 2 
XNIO-3 I/O-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common 
XNIO-3 I/O-1, called closeInbound() 
XNIO-3 I/O-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? 
XNIO-3 I/O-1, called closeOutbound() 
XNIO-3 I/O-1, closeOutboundInternal() 
+0

The server cannot use the private key. Try using the same key for the key as for the keystore. – EJP
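Added example (not part of the original question or comment): a small Python triage of the debug log above that splits the suites offered in the ClientHello into those the log shows the JVM discarding and those still negotiable, and names the certificate key type the remaining suites need. The function names diagnose and server_key_type are hypothetical, and it assumes every suite not reported as "unavailable" is enabled on the server.

```python
import re

# Excerpt copied from the javax.net.debug log in the question (trimmed for length).
LOG = """\
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
*** ClientHello, TLSv1.2
Cipher Suites: [Unknown 0xda:0xda, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, \
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, \
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
XNIO-3 task-7, fatal error: 40: no cipher suites in common
"""


def server_key_type(suite):
    """Key algorithm the server certificate needs for this suite."""
    kx = re.sub(r"^(TLS|SSL)_", "", suite).split("_WITH_")[0]
    if kx.startswith("ECDH_") or kx.endswith("ECDSA"):
        return "EC"
    return {"RSA": "RSA", "DSS": "DSA"}.get(kx.split("_")[-1], "unknown")


def diagnose(log):
    """Split the ClientHello suites into discarded and still-negotiable ones."""
    unavailable = set(re.findall(r"^Ignoring unavailable cipher suite: (\S+)", log, re.M))
    hello = re.search(r"^Cipher Suites: \[(.*)\]", log, re.M)
    entries = [e.strip() for e in hello.group(1).split(",")] if hello else []
    offered = [e for e in entries if not e.startswith("Unknown ")]
    candidates = [s for s in offered if s not in unavailable]
    return {
        "unknown": [e.split()[1] for e in entries if e.startswith("Unknown ")],
        "discarded": [s for s in offered if s in unavailable],
        "candidates": candidates,
        # Non-empty candidates: the lists overlap by name, so check the keystore next.
        "key_types": sorted({server_key_type(s) for s in candidates}),
    }


if __name__ == "__main__":
    for field, value in diagnose(LOG).items():
        print(field, value)
```

For this log the candidates list is not empty, so the client and server suite lists overlap by name. JSSE reports the same "no cipher suites in common" error when it cannot load a private key and certificate of the key type those suites need, so the keystore path, alias and passwords are the next thing to verify.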

Answers

0

This can happen if you are using the Chrome browser with OpenJDK 1.8. You can upgrade your OpenJDK version or check with a different browser.