前进之路 posted 4 days ago

Certificates do not conform to algorithm constraints

1. Modify the startup script so that the SSL handshake details are printed. The command is as follows:
sudo nohup java -Djavax.net.debug=ssl,handshake -jar -Xms512m -Xmx2048m -XX:CompressedClassSpaceSize=256m -XX:MetaspaceSize=200m -XX:MaxMetaspaceSize=400m controller.jar>/home/lbadmin/service/lbservice/controller/controller_ssl_debug.log 2>&1 &
-Djavax.net.debug=ssl,handshake is the option that prints the SSL details, and /home/lbadmin/service/lbservice/controller/controller_ssl_debug.log is the path the log is written to.
2. Use the log output to determine the certificate's signature:
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.765 CST|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.771 CST|ClientHello.java:564|Produced ClientHello handshake message (
"ClientHello": {
"client version"      : "TLSv1.2",
"random"            : "71 BC BD 83 D0 B3 53 5C A6 DC AC 2A 42 DA E9 EE 18 6E 92 23 9E 66 F8 7C D5 BF 89 C8 3D B1 3B CE",
"session id"          : "71 9D 18 35 CB EF 8F C2 A5 CC 36 73 62 30 F1 A2 AC 0B F4 04 81 FA 85 78 98 EC 2C AB A2 96 AD 1F",
"cipher suites"       : "",
"compression methods" : "00",
"extensions"          : [
    "supported_groups (10)": {
      "versions":
    },
    "ec_point_formats (11)": {
      "formats":
    },
    "signature_algorithms (13)": {
      "signature schemes":
    },
    "signature_algorithms_cert (50)": {
      "signature schemes":
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions":
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes":
    },
    "key_share (51)": {
      "client_shares": [
      {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 39 F0 AA A5 7A 7A 00   E8 13 3A 1B B4 59 1D 27.9...zz...:..Y.'

            0020: BA BD F4 EA D8 5F A5 25   C0 AD 79 80 F5 50 09 C1....._.%..y..P..
            0030: B4 25 AE F5 62 0B BA A5   89 62 1F 0E AF ED DC A4.%..b....b......
            0040: 4A
          }
      },
      ]
    }
]
}
)
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.778 CST|ServerHello.java:863|Consuming ServerHello handshake message (
"ServerHello": {
"server version"      : "TLSv1.2",
"random"            : "18 18 E3 FE 94 2D EC EA 33 A2 A2 F8 44 FA 55 97 7A 9D 00 9C 31 DC 67 02 8C A5 51 5E D1 49 FB 51",
"session id"          : "AC E4 BF 26 96 0E A0 00 00 00 00 00 00 72 D3 D4",
"cipher suite"      : "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F)",
"compression methods" : "00",
"extensions"          : [
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    },
    "ec_point_formats (11)": {
      "formats":
    },
    "extended_master_secret (23)": {
      <empty>
    }
]
}
)
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.780 CST|SSLExtensions.java:173|Ignore unavailable extension: supported_versions
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.781 CST|ServerHello.java:955|Negotiated protocol version: TLSv1.2
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.782 CST|SSLExtensions.java:192|Consumed extension: renegotiation_info
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.783 CST|SSLExtensions.java:173|Ignore unavailable extension: server_name
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.783 CST|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.784 CST|SSLExtensions.java:173|Ignore unavailable extension: status_request
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.784 CST|SSLExtensions.java:192|Consumed extension: ec_point_formats
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.785 CST|SSLExtensions.java:173|Ignore unavailable extension: status_request_v2
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.785 CST|SSLExtensions.java:192|Consumed extension: extended_master_secret
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.786 CST|SSLExtensions.java:163|Ignore unsupported extension: supported_versions
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.786 CST|SSLExtensions.java:163|Ignore unsupported extension: key_share
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.787 CST|SSLExtensions.java:192|Consumed extension: renegotiation_info
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.787 CST|SSLExtensions.java:163|Ignore unsupported extension: pre_shared_key
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.788 CST|SSLExtensions.java:207|Ignore unavailable extension: server_name
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.789 CST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.789 CST|SSLExtensions.java:207|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.790 CST|SSLExtensions.java:215|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.790 CST|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.791 CST|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
javax.net.ssl|WARNING|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.791 CST|SSLExtensions.java:215|Ignore impact of unsupported extension: extended_master_secret
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.792 CST|SSLExtensions.java:207|Ignore unavailable extension: supported_versions
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.792 CST|SSLExtensions.java:207|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.793 CST|SSLExtensions.java:215|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.793 CST|SSLExtensions.java:207|Ignore unavailable extension: pre_shared_key
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.808 CST|CertificateMessage.java:366|Consuming server Certificate handshake message (
"Certificates": [
"certificate" : {
    "version"            : "v3",
    "serial number"      : "5D 9E 43 DD 08 19 30",
    "signature algorithm": "SHA1withRSA",
    "issuer"             : "CN=Skechers CLC, O=Skechers China Logistics Center, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
    "not before"         : "2019-10-09 04:32:29.000 CST",
    "notafter"         : "2025-04-01 04:32:29.000 CST",
    "subject"            : "CN=skxclcwms.skechers.cn, O=Skechers CLC, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
    "subject public key" : "RSA"},
"certificate" : {
    "version"            : "v3",
    "serial number"      : "5D 9E 3E E6",
    "signature algorithm": "SHA1withRSA",
    "issuer"             : "CN=Skechers CLC, O=Skechers China Logistics Center, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
    "not before"         : "2019-10-09 04:11:18.000 CST",
    "notafter"         : "",
    "subject"            : "CN=Skechers CLC, O=Skechers China Logistics Center, L=Taicang, ST=Taicang Port Economic and Technological Development Zone, C=CN",
    "subject public key" : "RSA",
    "extensions"         : [
      {
      ObjectId: 2.5.29.19 Criticality=true
      BasicConstraints:[
          CA:true
          PathLen:2147483647
      ]
      }
    ]}
]
)
javax.net.ssl|SEVERE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.817 CST|TransportContext.java:323|Fatal (UNSUPPORTED_CERTIFICATE): Certificates do not conform to algorithm constraints (
"throwable" : {
java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1429)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1354)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1298)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:394)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
        at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:87)
        at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
        at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:687)
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:644)
        at org.springframework.web.client.RestTemplate.postForEntity(RestTemplate.java:430)
        at com.amrcan.airrob.data.report.utils.ReportRestUtil.post(ReportRestUtil.java:263)
        at com.amrcan.airrob.data.report.utils.ReportRestUtil.post(ReportRestUtil.java:78)
        at com.amrcan.airrob.data.report.utils.ReportRestUtil$$FastClassBySpringCGLIB$$e0cac39.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
        at org.springframework.retry.interceptor.RetryOperationsInterceptor$1.doWithRetry(RetryOperationsInterceptor.java:91)
        at org.springframework.retry.support.RetryTemplate.doExecute(RetryTemplate.java:287)
        at org.springframework.retry.support.RetryTemplate.execute(RetryTemplate.java:164)
        at org.springframework.retry.interceptor.RetryOperationsInterceptor.invoke(RetryOperationsInterceptor.java:118)
        at org.springframework.retry.annotation.AnnotationAwareRetryOperationsInterceptor.invoke(AnnotationAwareRetryOperationsInterceptor.java:153)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
        at com.amrcan.airrob.data.report.utils.ReportRestUtil$$EnhancerBySpringCGLIB$$e61fd3ac.post(<generated>)
        at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl.send(ReportLogServiceImpl.java:332)
        at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl.sendReportLog(ReportLogServiceImpl.java:285)
        at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl$$FastClassBySpringCGLIB$$35bc1768.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:684)
        at com.amrcan.airrob.data.report.service.impl.ReportLogServiceImpl$$EnhancerBySpringCGLIB$$fe5ebaac.sendReportLog(<generated>)
        at com.amrcan.airrob.skechers.service.Impl.SkechersInBoundServiceImpl.postInBoundGetGoods(SkechersInBoundServiceImpl.java:58)
        at com.amrcan.airrob.skechers.controller.SkqInBoundController.postInBoundGetGoods(SkqInBoundController.java:114)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:209)
        at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
        at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:891)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797)
        at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:981)
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:884)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:858)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at com.github.xiaoymin.knife4j.spring.filter.ProductionSecurityFilter.doFilter(ProductionSecurityFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at com.github.xiaoymin.knife4j.spring.filter.SecurityBasicAuthFilter.doFilter(SecurityBasicAuthFilter.java:90)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:90)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
        at com.amrcan.airrob.authority.filter.security.JWTAuthorizationFilter.doFilterInternal(JWTAuthorizationFilter.java:53)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117)
        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:750)
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA
        at sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:237)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1425)
        ... 165 more}

)
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.820 CST|SSLSocketImpl.java:1619|close the underlying socket
javax.net.ssl|FINE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.820 CST|SSLSocketImpl.java:1638|close the SSL connection (initiative)

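From the above, the certificate's algorithm is SHA1withRSA, but on the new server the SHA1 algorithm has been disabled for security reasons. Because the server certificate is used by too many programs, changing the server certificate's algorithm is not realistic, so the only option is to change Java's security policy.
2. On the Linux server, find the java.security file, usually in the directory /etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.432.b06-3.e19.x86_64/lib/security/, and remove SHA1 from jdk.jar.disabledAlgorithms in it so that the algorithm is supported.
After the change, it still did not work.
3. At the time I wondered whether the client's openssl was the cause, so I found the openssl.cnf file and changed it to support the SHA1 algorithm, but that still did not solve the problem.
4. Only after changing the java.config file at /etc/crypto-policies/back-ends/java.config so that it supports the SHA1 algorithm did the test pass.
The /etc/crypto-policies directory contains the files used to configure the system-wide cryptographic policies. These policies are meant to ensure that system components use secure cryptographic algorithms, protocols and key lengths.
The java.config file is part of these policies and specifically configures the cryptographic settings of the Java Runtime Environment (JRE). It is provided by the crypto-policies package and is usually related to compliance with FIPS (Federal Information Processing Standards) or other cryptographic standards.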
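
The diagnosis in the steps above, as an added example that is not part of the original post: the script pulls the rejected signature algorithm out of the javax.net.debug log and lists, for each policy file, which *.disabledAlgorithms property still names it. The function names and the sample file contents are constructed for illustration; it assumes the JDK reads /etc/crypto-policies/back-ends/java.config in addition to its own java.security, as the result of step 4 indicates.

```shell
#!/bin/sh
# Added example, not from the original post: trace the failure in a
# javax.net.debug log to the *.disabledAlgorithms entry that enforces it.

# Print the signature algorithm named by the first "Caused by" line in the log.
failed_algorithm() {
    sed -n 's/.*Algorithm constraints check failed on signature algorithm: *\([A-Za-z0-9_-]*\).*/\1/p' "$1" |
        head -n 1
}

# For every *.disabledAlgorithms property in the given java.security-format
# files, print "file: property: <matching entry, or no>".
disabled_properties() {
    alg=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || { echo "$f: not readable"; continue; }
        awk -v alg="$alg" -v file="$f" '
            function norm(s) { gsub(/-/, "", s); return toupper(s) }
            function emit(p,    eq, name, val, n, items, w, i, hit) {
                eq = index(p, "=")
                if (eq == 0) return
                name = substr(p, 1, eq - 1); val = substr(p, eq + 1)
                gsub(/[ \t]/, "", name)
                if (name !~ /\.disabledAlgorithms$/) return
                hit = "no"
                n = split(val, items, ",")
                for (i = 1; i <= n; i++) {
                    gsub(/^[ \t]+|[ \t]+$/, "", items[i])
                    # first word is the algorithm, the rest are constraints
                    split(items[i], w, /[ \t]+/)
                    if (norm(w[1]) == norm(alg) || norm(w[1]) == norm(dig)) { hit = items[i] }
                }
                print file ": " name ": " hit
            }
            BEGIN { dig = alg; sub(/with.*$/, "", dig) }   # SHA1withRSA -> SHA1
            buf == "" && (/^[ \t]*[#!]/ || /^[ \t]*$/) { next }   # comment or blank line
            {
                sub(/^[ \t]+/, "")
                if (sub(/\\$/, "")) { buf = buf $0; next }   # trailing backslash: value continues
                emit(buf $0); buf = ""
            }
            END { if (buf != "") emit(buf) }
        ' "$f"
    done
}

# Report the rejected algorithm, then every property that restricts it.
trace_failure() {
    log=$1; shift
    alg=$(failed_algorithm "$log")
    [ -n "$alg" ] || { echo "no algorithm-constraint failure found in $log"; return 1; }
    echo "failed algorithm: $alg"
    disabled_properties "$alg" "$@"
}

# Constructed sample input: two lines abridged from the log above, and two
# made-up policy files (not copied from a real system).
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/debug.log" <<'EOF'
javax.net.ssl|SEVERE|25|http-nio-0.0.0.0-7792-exec-1|2025-01-09 10:05:38.817 CST|TransportContext.java:323|Fatal (UNSUPPORTED_CERTIFICATE): Certificates do not conform to algorithm constraints (
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA
EOF
cat > "$work/java.security" <<'EOF'
# per-JDK file after SHA1 was removed from jdk.jar.disabledAlgorithms
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.certpath.disabledAlgorithms=MD2, MD5, \
    SHA1 jdkCA & usage TLSServer, RSA keySize < 1024
EOF
cat > "$work/java.config" <<'EOF'
jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4
EOF

trace_failure "$work/debug.log" "$work/java.security" "$work/java.config"
```

On a real host, pass the actual debug log and both policy files to trace_failure. An entry carrying the jdkCA constraint applies only to chains that end at a CA certificate shipped in the JDK's cacerts, while a bare SHA1 entry applies to every chain.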
