SSLException: Reçu alerte fatale: illegal_parameter après Java 1.7 mise à niveau

Tomcat 7 mise à niveau de tomcat 5 lors de la connexion LDAP donne une erreur :

main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, illegal_parameter
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLException: Received fatal alert: illegal_parameter

Même code fonctionne très bien avec Tomcat 5 sur Java 1.5

Quelqu'un a une solution?

Java 5 SSL Demande/réponse

init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1363826094 bytes = { 214, 89, 42, 109, 152, 165, 62, 69, 126, 239, 105, 77, 178, 234, 219, 136, 35, 159, 179, 159, 108, 193, 12, 172, 7, 185, 191, 75 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
[write] MD5 and SHA1 hashes:  len = 79
0000: 01 00 00 4B 03 01 51 4A   56 AE D6 59 2A 6D 98 A5  ...K..QJV..Y*m..
0010: 3E 45 7E EF 69 4D B2 EA   DB 88 23 9F B3 9F 6C C1  >E..iM....#...l.
0020: 0C AC 07 B9 BF 4B 00 00   24 00 04 00 05 00 2F 00  .....K..$...../.
0030: 35 00 33 00 39 00 32 00   38 00 0A 00 16 00 13 00  5.3.9.2.8.......
0040: 09 00 15 00 12 00 03 00   08 00 14 00 11 01 00     ...............
main, WRITE: TLSv1 Handshake, length = 79
[write] MD5 and SHA1 hashes:  len = 107
0000: 01 03 01 00 42 00 00 00   20 00 00 04 01 00 80 00  ....B... .......
0010: 00 05 00 00 2F 00 00 35   00 00 33 00 00 39 00 00  ..../..5..3..9..
0020: 32 00 00 38 00 00 0A 07   00 C0 00 00 16 00 00 13  2..8............
0030: 00 00 09 06 00 40 00 00   15 00 00 12 00 00 03 02  .....@..........
0040: 00 80 00 00 08 00 00 14   00 00 11 51 4A 56 AE D6  ...........QJV..
0050: 59 2A 6D 98 A5 3E 45 7E   EF 69 4D B2 EA DB 88 23  Y*m..>E..iM....#
0060: 9F B3 9F 6C C1 0C AC 07   B9 BF 4B                 ...l......K
main, WRITE: SSLv2 client hello message, length = 107
[Raw write]: length = 109
0000: 80 6B 01 03 01 00 42 00   00 00 20 00 00 04 01 00  .k....B... .....
0010: 80 00 00 05 00 00 2F 00   00 35 00 00 33 00 00 39  ....../..5..3..9
0020: 00 00 32 00 00 38 00 00   0A 07 00 C0 00 00 16 00  ..2..8..........
0030: 00 13 00 00 09 06 00 40   00 00 15 00 00 12 00 00  .......@........
0040: 03 02 00 80 00 00 08 00   00 14 00 00 11 51 4A 56  .............QJV
0050: AE D6 59 2A 6D 98 A5 3E   45 7E EF 69 4D B2 EA DB  ..Y*m..>E..iM...
0060: 88 23 9F B3 9F 6C C1 0C   AC 07 B9 BF 4B           .#...l......K
[Raw read]: length = 5
0000: 16 03 01 00 2A                                     ....*
[Raw read]: length = 42
0000: 02 00 00 26 03 01 51 4A   56 AE 69 C1 21 C1 51 EF  ...&..QJV.i.!.Q.
0010: 7B 2E 1D 34 1A 72 40 A7   BD FE B6 DF 6D B8 41 A1  ...4.r@.....m.A.
0020: 18 ED C9 AC 15 EE 00 00   04 00                    ..........
main, READ: TLSv1 Handshake, length = 42
*** ServerHello, TLSv1
RandomCookie:  GMT: 1363826094 bytes = { 105, 193, 33, 193, 81, 239, 123, 46, 29, 52, 26, 114, 64, 167, 189, 254, 182, 223, 109, 184, 65, 161, 24, 237, 201, 172, 21, 238 }
Session ID:  {}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
</pre>
****Java 7 Requset/Response****
<pre>
trigger seeding of SecureRandom
done seeding SecureRandom
SocketFactory Class sun.security.ssl.SSLSocketFactoryImpl
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Connection: creating socket with a timeout using supplied socket factory
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Catalina-startStop-1, setSoTimeout(5000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1364411375 bytes = { 252, 62, 19, 89, 117, 105, 113, 92, 8, 241, 158, 190, 129, 34, 137, 245, 24, 92, 177, 17, 164, 204, 114, 199, 68, 55, 199, 3 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_
RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WI
TH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL
_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, 
secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect5
71r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Catalina-startStop-1, WRITE: TLSv1 Handshake, length = 149
Catalina-startStop-1, READ: TLSv1 Alert, length = 2
Catalina-startStop-1, RECV TLSv1 ALERT:  fatal, illegal_parameter
Catalina-startStop-1, called closeSocket()
javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)

Cette sortie déjà -Djavax.net.debug=all? VoirDébogage des connexions SSL/TLS
Oui, c'est la sortie vient d'-Djavax.net.debug=tout, une fois que le client sente hellomessage, au cours de serverhello nous obtenir cette exception
Je pense que vous avez besoin de fournir plus de détails, par exemple le client/serveur de sortie d'un réussi poignée de main et un échec.
ajouté journaux de java5 et java7
1. Essayez de désactiver l'écliptique courbes avec jdk.tls.disabledAlgorithms=ECDH, ECDHE, ECDSA. 2. Peut-être que vous avez un fournisseur externe installé dans votre java5/jre/lib/security mais pas dans votre java7/jre/lib/security? 3. Avez-vous remplacer la restriction de la politique de fichiers dans votre java7 de l'installation?

OriginalL'auteur user2193288 | 2013-03-21

16

Solution à ce problème est:
1. La désactivation de l'écliptique courbes avec la commande: -Dcom.sun.net.ssl.enableECC=false
2. La désactivation de l'extension de nom de serveur: -Djsse.enableSNIExtension=false
3. Installé sans restriction de la politique de fichiers jar.
Ce problème est réglé et je suis en mesure d'exécuter l'application.

+1 grande aide...
-Dcom.sun.net.ssl.enableECC=false résolu mon problème

OriginalL'auteur user2193288

Vous devez vous connecter pour publier un commentaire.