jsse

问题 I installed Tomcat-7, configured support for TLSv1.2 on port 8443. My Connector configuration: protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" I then configured a list of strong ciphers I wanted to use. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 As I have read, Tomcat can either

问题 I need to set the following variables before invoking remote queue. System.setProperty("javax.net.ssl.trustStore","C:\\certs\\trustStore.jks"); System.setProperty("javax.net.ssl.keyStore","C:\\keystore\\keyStore.jks"); System.setProperty("javax.net.ssl.keyStorePassword","Demo1234"); System.setProperty("javax.net.ssl.trustStorePassword","Demo1234"); The passwords are exposed here. What is the best way to encrypt the passwords? 回答1: At some point, your private key/key store password must be

问题 I have a Java server that needs an option to shut down all connections. As part of this, I'm calling close() on each client socket. The problem I'm having is that this call sometimes blocks indefinitely. I can only reproduce this by simulating several hundred users, so its hard to pinpoint, but I suspect that this happens when that socket is blocked on a write. I read in another question that calling shutdownOutput() on the socket helps, but it is not supported by SSLSocket (which I am using)

问题 I am getting following exception on NIO SSL handshake. During handshake process, On client side, a) NEED_WRAP b) NEED_UNWRAP c) NEED_TASK d) NEED_UNWRAP - getting the following exception on calling unwrap. javax.net.ssl.SSLProtocolException: Handshake message sequence violation, 1 at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1371) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790) at

问题 I am getting following exception on NIO SSL handshake. During handshake process, On client side, a) NEED_WRAP b) NEED_UNWRAP c) NEED_TASK d) NEED_UNWRAP - getting the following exception on calling unwrap. javax.net.ssl.SSLProtocolException: Handshake message sequence violation, 1 at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1371) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790) at

问题 When I manually create a KeyManager , one of the steps is this: KeyManagerFactory.getInstance("SunX509") This does not work on IBM jre where I need to specify "IbmX509". My questions: I read that this is called the "certificate encoding algorithm". What does that mean? When is it used? What happens when the client is using the IBM algorithm and the server is using the Sun algorithm? Thanks, Doron 回答1: I read that this is called the "certificate encoding algorithm". No it isn't. It is a key

问题 I'm looking at the JSSE reference guide, I need to obtain an instance of SSLContext in order to create a SSLEngine , so I can use it with Netty to enable security. To obtain an instance of SSLContext , I use SSLContext.getInstance() . I see that the method is overridden multiple times, so I can chose the protocol and security provider to use. Here, I can see the list of algorithms that can be used. Which algorithm should I use to enable secure communication? Also, since it is possible to

问题 I'm building a Java Client-Server application. The client will communicating with the Server through SSL. I want to achive that the client needs to be authenticate itself. I mean use a keystore or whatever, but this topic is really new to me. So my question would be, how can I generate a Client and a Server side Keystore (if that's what it's called) and self sign it. From here I can do the rest. What I have: keytool -genkeypair -alias test -keystore test.store -storepass StorePass -validity

问题 I'm building a Java Client-Server application. The client will communicating with the Server through SSL. I want to achive that the client needs to be authenticate itself. I mean use a keystore or whatever, but this topic is really new to me. So my question would be, how can I generate a Client and a Server side Keystore (if that's what it's called) and self sign it. From here I can do the rest. What I have: keytool -genkeypair -alias test -keystore test.store -storepass StorePass -validity

问题 Overview JSSE allows users to provide default trust stores and key stores by specifying javax.net.ssl.* parameters. I would like to provide a non-default TrustManager for my application, while allowing the user to specify the KeyManager as usual, but there doesn't seem to be any way to achieve this. Details http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores Suppose on unix machines I want to allow the user to use a pkcs12 key store for