Handshake error on a Grails front-end application talking to an API that has been upgraded to TLS 1.1
The API server earlier supported TLS version 1.0 and everything worked fine. After it dropped support for 1.0, these errors started appearing -

Remote host closed connection during handshake
[08:50:16.593] [] ERROR UserProfileService         :200  - wslite.rest.RESTClientException: Remote host closed connection during handshake
[08:50:16.593] [] ERROR UserProfileService         :200  - null

In our local setup we run the Grails application directly from Eclipse with the run-app command. To fix the TLS problem there, we added a jvmArgs setting to the application's BuildConfig.groovy, and it worked -

grails.project.fork = [
    // configure settings for the run-app JVM
    run: [maxMemory: 768, minMemory: 64, debug: false, maxPerm: 256, forkReserve: false, jvmArgs: ['-Dhttps.protocols=TLSv1.1']],
]

On the sandbox server we run the application by deploying the WAR file on a Tomcat server. We tried adding the same configuration change to the war property in the config file, but it does not work -

grails.project.fork = [
    // configure settings for the run-war JVM
    war: [maxMemory: 768, minMemory: 64, debug: false, maxPerm: 256, forkReserve: false, jvmArgs: ['-Dhttps.protocols=TLSv1.1']],
]

We then also tried the Tomcat configuration, but still with no success. Here is the Catalina log, which shows Tomcat picking up the updated TLS configuration -

INFO: CATALINA_HOME:         /opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.config.file=/opt/tomcat7-cpp2/conf/logging.properties
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dhttps.protocol=TLSv1.1,TLSv1.2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.endorsed.dirs=/opt/tomcat7-cpp2/endorsed
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.base=/opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.home=/opt/tomcat7-cpp2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.io.tmpdir=/opt/tomcat7-cpp2/temp
May 31, 2018 8:49:18 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib

However, we cannot confirm whether the application is also reading the updated TLS configuration defined for the war property.

Any help or pointers would be greatly appreciated.

It looks like you have a typo in your Tomcat configuration where you specify -Dhttps.protocol=TLSv1.1,TLSv1.2. The correct system property is https.protocols (with an s).
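As an added example (not from the question or the answer above), a small Python check that parses the Catalina "Command line argument" lines like the ones in the question and flags a -D property that is a near miss of the real JDK client-TLS property names; SAMPLE_LOG is constructed from the lines in the question.

```python
import re
from difflib import get_close_matches

# JDK system properties that really control client-side TLS protocol selection:
#   https.protocols          -> protocols offered by HttpsURLConnection clients
#   jdk.tls.client.protocols -> protocols for every client SSLContext (JDK 8u31+)
KNOWN_TLS_PROPERTIES = {"https.protocols", "jdk.tls.client.protocols"}

# Matches the -Dkey=value lines that Tomcat's VersionLoggerListener writes at startup.
ARG_LINE = re.compile(r"Command line argument: -D(?P<key>[^=\s]+)=(?P<value>\S*)")

# Constructed sample, taken from the Catalina log excerpt in the question.
SAMPLE_LOG = """\
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.util.logging.config.file=/opt/tomcat7-cpp2/conf/logging.properties
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dhttps.protocol=TLSv1.1,TLSv1.2
May 31, 2018 8:49:18 AM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.base=/opt/tomcat7-cpp2
"""

def parse_jvm_properties(log_text):
    """Return {key: value} for every -Dkey=value that the Catalina startup log recorded."""
    return {m.group("key"): m.group("value") for m in ARG_LINE.finditer(log_text)}

def check_tls_properties(props):
    """Return findings: misspelled TLS property names, then the https.protocols value in effect."""
    findings = []
    for key in props:
        if key in KNOWN_TLS_PROPERTIES:
            continue
        # A key the JVM will silently ignore but that looks like a TLS property is almost
        # certainly a typo (e.g. https.protocol without the trailing s).
        near = get_close_matches(key, KNOWN_TLS_PROPERTIES, n=1, cutoff=0.85)
        if near:
            findings.append(f"typo: -D{key} is ignored by the JVM; did you mean -D{near[0]}?")
    effective = props.get("https.protocols")
    if effective is None:
        findings.append("https.protocols not set: HttpsURLConnection uses the JDK default protocol list")
    else:
        findings.append(f"https.protocols={effective}")
    return findings

if __name__ == "__main__":
    for finding in check_tls_properties(parse_jvm_properties(SAMPLE_LOG)):
        print(finding)
```

Note that https.protocols is honoured only by HttpsURLConnection-based clients; code that builds its own SSLSocket or SSLContext needs jdk.tls.client.protocols instead.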
