小贝子编程

Bouncy Castle and TLS_RSA_WITH_AES_128_CCM



我的一个测试工具(我只有二进制文件)使用java进行TLS通信。由于标准java不提供支持,所以Bouncy Castle用于使用CCM的密码。配置Bouncy Castle后,我的工具适用于大多数CCM相关密码(例如:TLS_DHE_RSA_WITH_AES_128_CCM)。但是,该工具无法用于TLS_RSA_WITH_AES_128_CCM密码套件。

下面是错误跟踪:

14:34:15.350 INFO  - Start TCP Listener on 0.0.0.0/0.0.0.0:10075 14:34:23.818 INFO  - Accept connection Socket[addr=/127.0.0.1,port=53357,localport=10075] 14:34:23.831 DEBUG
- /127.0.0.1:10075<-/127.0.0.1:53357(1): enter state: Sta2 - Transport connection open May 02, 2022 2:34:23 PM org.bouncycastle.jsse.provider.ProvTlsServer notifyAlertRaised INFO: Server raised fatal(2) handshake_failure(40) alert: Failed to read record org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite
at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.generateServerHello(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.handshakeIfNecessary(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect$AppDataInput.read(Unknown Source)
at org.dcm4che3.util.StreamUtils.readAvailable(StreamUtils.java:57)
at org.dcm4che3.util.StreamUtils.readFully(StreamUtils.java:68)
at org.dcm4che3.net.PDUDecoder.readFully(PDUDecoder.java:225)
at org.dcm4che3.net.PDUDecoder.nextPDU(PDUDecoder.java:159)
at org.dcm4che3.net.Association$2.run(Association.java:571)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
14:34:23.918 INFO  - /127.0.0.1:10075<-/127.0.0.1:53357(1): i/o exception: org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); No selectable cipher suite in State: Sta2 - Transport connection open

任何指向为什么这个密码失败,而TLS_DHE_RSA_WITH_AES_128_CCM工作?

提前感谢。

在BouncyCastle github论坛的帮助下,我找到了解决问题的方法。它需要执行2个额外的步骤:

  1. 将bcpkix-$version.jar拷贝到%JAVA_HOME%libext路径
  2. 更新ssl.KeyManagerFactory。算法= java中的PKIX。安全文件

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium