-1


我在使用SSLEngineJava 时遇到了一个小问题。我用它来创建客户端和服务器之间的 SSL 连接。这不是基于 Web 的应用程序。

我正在为我的产品开发人员创建一个框架,以便在客户端和服务器之间进行通信。根据他们的配置,我必须创建连接。如果需要加密,我必须创建一个加密通道并将其提供给他们;如果没有,我只需要创建一个没有加密但带有消息摘要的 SSL 通道,所以我需要启用的密码套件是SSL_RSA_WITH_NULL_MD5. 如果需要加密,我将使用SSL_RSA_WITH_<some encryption algo>_SHA/MD5.

我能够配置第二个……但无法配置SSL_RSA_WITH_NULL_MD5. 它给了我一个例外 message No cypher suites in common。我用来开发这个的框架是 Netty(jboss-netty)。

任何人都可以帮我解决这个问题吗?

代码 ::

public static ChannelFuture doHandshake(Channel channel,boolean isServer){
    if (isServer) {
        SSLEngine engine = SslContextFactory.getServerContext().createSSLEngine();
        engine.setUseClientMode(false);
        //engine.setWantClientAuth(true);
        engine.setNeedClientAuth(true);

        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

        String[] enabledSuites = engine.getEnabledCipherSuites();
        //String[] sdf = engine.getSupportedCipherSuites();
        engine.setEnabledCipherSuites(getWantedCyphers(enabledSuites, true));
        engine.setEnableSessionCreation(true);
        channel.getPipeline().addFirst(SSL_SERVER_HANDLER_NAME, new SslHandler(engine));

        SslHandler sslHandler = (SslHandler) channel.getPipeline().get(SSL_SERVER_HANDLER_NAME);

        sslHandler.setEnableRenegotiation(true);
        return sslHandler.handshake();
    } else {
        SSLEngine engine = SslContextFactory.getClientContext().createSSLEngine();
        engine.setUseClientMode(true);
        engine.setEnableSessionCreation(true);
        //engine.setWantClientAuth(true);
        //engine.setNeedClientAuth(true);

        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

        String[] enabledSuites=engine.getEnabledCipherSuites();
        //String[] sdf=engine.getSupportedCipherSuites();
        engine.setEnabledCipherSuites(getWantedCyphers(enabledSuites,true));
        channel.getPipeline().addFirst(SSL_CLIENT_HANDLER_NAME, new SslHandler(engine));

        SslHandler sslHandler = (SslHandler) channel.getPipeline().get(SSL_CLIENT_HANDLER_NAME);

        sslHandler.setEnableRenegotiation(true);
        return sslHandler.handshake();
    }
}

public static String[] getWantedCyphers(String[] enabledSuites,boolean isEnabled) {
    List<String> wantedCyphers = new LinkedList<String>();
    String[] finalEnabledCyphers = null;
    if (!isEnabled) {
        finalEnabledCyphers = new String[1];
        finalEnabledCyphers[0] = "SSL_RSA_WITH_NULL_MD5";
        return finalEnabledCyphers;
    }
    String configFilePath = TestConstants.CONFIG_FILE;
    ConfigSAXParser configParser = new ConfigSAXParser();
    <OurOwnConfigClass>config = null;
    try {
        config = (<OurOwnConfigClass>(configParser.parseFile(configFilePath));
    } catch (SAXParserException spe){
    }
    <ourOwnConfigSubClass> communicationConfig = config.getCommunicationConfig();
    String[] requestedCyphers = communicationConfig.getEncryptionAlgorithms();
    for (int i=0;i<requestedCyphers.length;i++){
        requestedCyphers[i] = "SSL_RSA_WITH_"+requestedCyphers[i]+"_SHA";
    }
    List<String> stList = new LinkedList<String>();
    for (int i=0;i<enabledSuites.length;i++) {
        stList.add(enabledSuites[i]);
    }
    for (int j=0;j<requestedCyphers.length;j++) {
        if (stList.contains(requestedCyphers[j])) {
            wantedCyphers.add(requestedCyphers[j]);
        }
    }

    Object[] strings = wantedCyphers.toArray();
    finalEnabledCyphers = new String[strings.length];
    for (int k=0;k<strings.length;k++) {
        finalEnabledCyphers[k] = (String)strings[k];
    }
    return finalEnabledCyphers;
}
4

2 回答 2

1

“no cipher suites in common”消息表明服务器不接受 Client Hello 消息中的任何密码套件。更是如此,因为您正在尝试使用不执行任何数据加密的空密码套件。大多数服务器默认不支持空密码套件,您必须明确启用它。

于 2010-12-06T05:55:53.650 回答
1

您是否已将其添加到启用的密码套件中?

于 2010-12-06T05:50:54.663 回答