0

我们在存储端有以下安全配置(8.1.4P1 7-Mode)

配置

tls.enable on
ssl.enable on
ssl.v2.enable off
ssl.v3.enable off

我们尝试使用 NetApp Manageability SDK 5.7 访问存储,它在 jdk1.8.0_161 上运行良好。

我们将JDK升级到jdk1.8.0_181然后我们无法访问它,它抛出异常

`2018-08-03 05:06:27,071 [Thread-1469] app-ERROR-javax.net.ssl.SSLException: Connection has been shutdown: `javax.net.ssl.SSLHandshakeException`: Received fatal alert: handshake_failure at` `sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1551)`

    at sun.security.ssl.AppInputStream.read(AppInputStream.java:95)

    at sun.security.ssl.AppInputStream.read(AppInputStream.java:71)

    at netapp.manage.http.HTTPMessage.readLine(HTTPMessage.java:245)

    at netapp.manage.http.HTTPResponse.read(HTTPResponse.java:74)

    at netapp.manage.http.HTTPClient.doRequest(HTTPClient.java:772)

    at netapp.manage.NaServer.invokeHTTP(NaServer.java:955)

根据 jdk“jdk1.8.0_181”的发行说明,JDK 181 禁用了“3DES 密码套件”。

有什么办法可以从 NetApp 方面解决它?

4

1 回答 1

0

虽然不能直接回答如何从 NetApp 端解决此问题,但可以通过在运行时从 jdk.tls.disabledAlgorithms 安全属性中删除“3DES_EDE_CBC”在应用程序端解决该问题。就像是:

final String JDK_TLS_DISABLED_ALGORITHMS = "jdk.tls.disabledAlgorithms";
final String TRIPLE_DES_EDE_CBC = "3DES_EDE_CBC";
final String disabledAlgorithms = Splitter.on(',').trimResults()
        .splitToList(Security.getProperty(JDK_TLS_DISABLED_ALGORITHMS)).stream()
        .filter(algo -> !algo.equals(TRIPLE_DES_EDE_CBC)).collect(joining(", "));
Security.setProperty(JDK_TLS_DISABLED_ALGORITHMS, disabledAlgorithms);
于 2018-09-10T16:49:48.367 回答