TLS handshake between a Java 1.8 client and a Java 1.7 TLS 1.1 server running in FIPS mode fails even after TLS 1.2 is disabled on the client

San*_*hat 7 security ssl nss fips java-8

The SSL/TLS handshake between a "Java 1.7 TLS 1.1 server" and a "Java 1.8 client" fails in my environment with the following exception on the server side:

java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips

Here are the details of the server and the client in my environment:

Server:

  • The server uses Java 1.7u45 and runs in FIPS 140 compliant mode as described at http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/FIPS.html.
  • The server uses Mozilla Network Security Services (NSS) version 3.14.3 as the cryptographic provider.
  • The server runs on SLES 11 SP3 (SuSE Linux Enterprise Server) and uses the following NSS RPMs provided by the OS:
    • mozilla-nss-3.14.3-0.11.11
    • mozilla-nss-tools-3.14.3-0.11.11
    • mozilla-nspr-4.9.6-0.3.1
    • libfreebl3-3.14.3-0.11.11
    • libsoftokn3-3.14.3-0.11.11
  • One point to note is that NSS version 3.14.3 does not support TLS 1.2.
  • The server uses Java 1.7u45 because Java 1.7u51 introduced the Java bug "8028192: Use of PKCS11-NSS provider in FIPS mode broken". For details see the "Known Issues" section, "Area: security-libs/javax.net.ssl", at http://www.oracle.com/technetwork/java/javase/7u51-relnotes-2085002.html.

Client:

Question:

  • Since the server does not support TLS 1.2, I disabled TLS 1.2 on the client.
  • I cannot figure out why the handshake fails "even after disabling TLS 1.2 on the client". Could you help me resolve this?

Additional observations:

  • The same scenario works fine if Java 1.7 (any version) is used on the client and TLS 1.2 is disabled on the client.
  • If Java 1.7 (any version) is used on the client with TLS 1.2 enabled, the same exception "java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips" is thrown on the server side.
  • If Java 1.8 (any version) is used on the client, it fails even with TLS 1.2 disabled.

Server-side SSL debug log:

  • It appears that the handshake first starts in TLS 1.1 with the cipher TLS_RSA_WITH_AES_128_CBC_SHA.
  • After that, for some reason, the handshake is restarted with TLS 1.2 using the cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, and that fails with the exception "java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips".

TLS 1.1 Java 1.7u45 server + Java 1.8u25 client with TLS 1.2 disabled - fails:

2014/11/28 15:03:38 | INFO   | jvm 1    | *** ClientHello, TLSv1.1
2014/11/28 15:03:38 | INFO   | jvm 1    | RandomCookie:  GMT: 1417167224 bytes = { 55, 212, 126, 68, 49, 1, 205, 58, 112, 15, 1, 9, 38, 31, 58, 188, 229, 115, 10, 61, 249, 209, 98, 140, 149, 113, 149, 231 }
2014/11/28 15:03:38 | INFO   | jvm 1    | Session ID:  {84, 120, 65, 114, 3, 180, 96, 53, 232, 47, 28, 70, 58, 150, 117, 9, 169, 7, 94, 233, 94, 198, 136, 202, 240, 130, 18, 23, 89, 10, 220, 111}
2014/11/28 15:03:38 | INFO   | jvm 1    | Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA]
2014/11/28 15:03:38 | INFO   | jvm 1    | Compression Methods:  { 0 }
2014/11/28 15:03:38 | INFO   | jvm 1    | Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
2014/11/28 15:03:38 | INFO   | jvm 1    | Extension ec_point_formats, formats: [uncompressed]
2014/11/28 15:03:38 | INFO   | jvm 1    | Extension renegotiation_info, renegotiated_connection: <empty>
2014/11/28 15:03:38 | INFO   | jvm 1    | ***
2014/11/28 15:03:38 | INFO   | jvm 1    | %% Resuming [Session-135, TLS_RSA_WITH_AES_128_CBC_SHA]
2014/11/28 15:03:38 | INFO   | jvm 1    | *** ServerHello, TLSv1.1
2014/11/28 15:03:38 | INFO   | jvm 1    | RandomCookie:  GMT: 1417167218 bytes = { 175, 0, 103, 107, 78, 20, 172, 204, 4, 196, 148, 153, 126, 87, 188, 255, 85, 219, 140, 39, 41, 136, 51, 33, 169, 31, 36, 150 }
2014/11/28 15:03:38 | INFO   | jvm 1    | Session ID:  {84, 120, 65, 114, 3, 180, 96, 53, 232, 47, 28, 70, 58, 150, 117, 9, 169, 7, 94, 233, 94, 198, 136, 202, 240, 130, 18, 23, 89, 10, 220, 111}
2014/11/28 15:03:38 | INFO   | jvm 1    | Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
2014/11/28 15:03:38 | INFO   | jvm 1    | Compression Method: 0
2014/11/28 15:03:38 | INFO   | jvm 1    | Extension renegotiation_info, renegotiated_connection: <empty>
2014/11/28 15:03:38 | INFO   | jvm 1    | ***
2014/11/28 15:03:38 | INFO   | jvm 1    | Cipher suite:  TLS_RSA_WITH_AES_128_CBC_SHA
2014/11/28 15:03:38 | INFO   | jvm 1    | CONNECTION KEYGEN:
2014/11/28 15:03:38 | INFO   | jvm 1    | Client Nonce:
2014/11/28 15:03:38 | INFO   | jvm 1    | 0000: 54 78 41 78 37 D4 7E 44   31 01 CD 3A 70 0F 01 09  TxAx7..D1..:p...
2014/11/28 15:03:38 | INFO   | jvm 1    | 0010: 26 1F 3A BC E5 73 0A 3D   F9 D1 62 8C 95 71 95 E7  &.:..s.=..b..q..
2014/11/28 15:03:38 | INFO   | jvm 1    | Server Nonce:
2014/11/28 15:03:38 | INFO   | jvm 1    | 0000: 54 78 41 72 AF 00 67 6B   4E 14 AC CC 04 C4 94 99  TxAr..gkN.......
2014/11/28 15:03:38 | INFO   | jvm 1    | 0010: 7E 57 BC FF 55 DB 8C 27   29 88 33 21 A9 1F 24 96  .W..U..').3!..$.
2014/11/28 15:03:38 | INFO   | jvm 1    | Master Secret:
2014/11/28 15:03:38 | INFO   | jvm 1    | (key bytes not available)
2014/11/28 15:03:38 | INFO   | jvm 1    | Client MAC write Secret:
2014/11/28 15:03:38 | INFO   | jvm 1    | (key bytes not available)
2014/11/28 15:03:38 | INFO   | jvm 1    | Server MAC write Secret:
2014/11/28 15:03:38 | INFO   | jvm 1    | (key bytes not available)
2014/11/28 15:03:38 | INFO   | jvm 1    | Client write key:
2014/11/28 15:03:38 | INFO   | jvm 1    | (key bytes not available)
2014/11/28 15:03:38 | INFO   | jvm 1    | Server write key:
2014/11/28 15:03:38 | INFO   | jvm 1    | (key bytes not available)
2014/11/28 15:03:38 | INFO   | jvm 1    | ... no IV derived for this protocol
2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-300, WRITE: TLSv1.1 Handshake, length = 81
2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-300, WRITE: TLSv1.1 Change Cipher Spec, length = 1
2014/11/28 15:03:38 | INFO   | jvm 1    | *** Finished
2014/11/28 15:03:38 | INFO   | jvm 1    | verify_data:  { 205, 73, 239, 162, 189, 111, 93, 112, 252, 191, 178, 72 }
2014/11/28 15:03:38 | INFO   | jvm 1    | ***
2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-300, WRITE: TLSv1.1 Handshake, length = 64
2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-299, READ: TLSv1.1 Change Cipher Spec, length = 1
2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-299, READ: TLSv1.1 Handshake, length = 64
2014/11/28 15:03:38 | INFO   | jvm 1    | *** Finished
2014/11/28 15:03:38 | INFO   | jvm 1    | verify_data:  { 19, 183, 83, 202, 63, 74, 163, 0, 247, 151, 206, 20 }
2014/11/28 15:03:38 | INFO   | jvm 1    | ***
2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-299 - /AuthServices/auth/tokens, WRITE: TLSv1.1 Application Data, length = 184
2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-299 - /AuthServices/auth/tokens, WRITE: TLSv1.1 Application Data, length = 2987
2014/11/28 15:03:38 | INFO   | jvm 1    | qtp1981883520-299, WRITE: TLSv1.1 Application Data, length = 5
2014/11/28 15:03:38 | INFO   | jvm 1    | Allow unsafe renegotiation: false
2014/11/28 15:03:38 | INFO   | jvm 1    | Allow legacy hello messages: true
2014/11/28 15:03:38 | INFO   | jvm 1    | Is initial handshake: true
2014/11/28 15:03:38 | INFO   | jvm 1    | Is secure renegotiation: false
2014/11/28 15:03:38 | INFO   | jvm 1    | Is secure renegotiation: false
2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, READ: TLSv1.2 Handshake, length = 207
2014/11/28 15:03:43 | INFO   | jvm 1    | *** ClientHello, TLSv1.2
2014/11/28 15:03:43 | INFO   | jvm 1    | RandomCookie:  GMT: 1417167229 bytes = { 209, 207, 128, 77, 244, 126, 201, 133, 122, 149, 46, 174, 146, 131, 232, 171, 236, 114, 188, 239, 89, 136, 179, 55, 42, 35, 10, 208 }
2014/11/28 15:03:43 | INFO   | jvm 1    | Session ID:  {}
2014/11/28 15:03:43 | INFO   | jvm 1    | Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2014/11/28 15:03:43 | INFO   | jvm 1    | Compression Methods:  { 0 }
2014/11/28 15:03:43 | INFO   | jvm 1    | Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
2014/11/28 15:03:43 | INFO   | jvm 1    | Extension ec_point_formats, formats: [uncompressed]
2014/11/28 15:03:43 | INFO   | jvm 1    | Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
2014/11/28 15:03:43 | INFO   | jvm 1    | ***
2014/11/28 15:03:43 | INFO   | jvm 1    | %% Initialized:  [Session-136, SSL_NULL_WITH_NULL_NULL]
2014/11/28 15:03:43 | INFO   | jvm 1    | %% Negotiating:  [Session-136, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
2014/11/28 15:03:43 | INFO   | jvm 1    | *** ServerHello, TLSv1.2
2014/11/28 15:03:43 | INFO   | jvm 1    | RandomCookie:  GMT: 1417167223 bytes = { 117, 144, 129, 63, 132, 34, 26, 83, 118, 25, 122, 135, 116, 24, 242, 213, 196, 31, 25, 127, 155, 153, 6, 132, 244, 45, 21, 235 }
2014/11/28 15:03:43 | INFO   | jvm 1    | Session ID:  {84, 120, 65, 119, 78, 220, 0, 216, 29, 255, 202, 86, 198, 210, 97, 121, 235, 184, 87, 232, 34, 43, 85, 29, 148, 43, 201, 241, 189, 70, 130, 185}
2014/11/28 15:03:43 | INFO   | jvm 1    | Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2014/11/28 15:03:43 | INFO   | jvm 1    | Compression Method: 0
2014/11/28 15:03:43 | INFO   | jvm 1    | Extension renegotiation_info, renegotiated_connection: <empty>
2014/11/28 15:03:43 | INFO   | jvm 1    | ***
2014/11/28 15:03:43 | INFO   | jvm 1    | Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2014/11/28 15:03:43 | INFO   | jvm 1    | *** Certificate chain
2014/11/28 15:03:43 | INFO   | jvm 1    | chain [0] = [
2014/11/28 15:03:43 | INFO   | jvm 1    | [
2014/11/28 15:03:43 | INFO   | jvm 1    |   Version: V3
2014/11/28 15:03:43 | INFO   | jvm 1    |   Subject: CN=dev-05.labs.blr.com, O=webserver
2014/11/28 15:03:43 | INFO   | jvm 1    |   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
2014/11/28 15:03:43 | INFO   | jvm 1    |
2014/11/28 15:03:43 | INFO   | jvm 1    |   Key:  SunPKCS11-NSSfips RSA public key, 2048 bits (id 1, session object)
2014/11/28 15:03:43 | INFO   | jvm 1    |   Key:  SunPKCS11-NSSfips RSA public key, 2048 bits (id 1, session object)
2014/11/28 15:03:43 | INFO   | jvm 1    |   modulus: 19751124565775544542661601941034719218747286997557229376272410409764009924174952830102822006739940996361158891315994655677031683410457285645708620145915789088144941408425439122384306771006790672852952487887077643219829713631271285091822690455402307000211724434432943370113476924425722411995320247744734057517566666508974254720742261526685687656494544221796453195966155694205640019924093341684193258103280171653517687458035087335731929833587535142452049552301009807817546366586239918288540321429443922231821575519420587811789981092934767950075857907111279056051594689275813767976468618202672668356345198890748632149983
2014/11/28 15:03:43 | INFO   | jvm 1    |   public exponent: 65537
2014/11/28 15:03:43 | INFO   | jvm 1    |   Validity: [From: Tue Nov 25 14:37:52 IST 2014,
2014/11/28 15:03:43 | INFO   | jvm 1    |                To: Thu Nov 01 14:37:52 IST 2114]
2014/11/28 15:03:43 | INFO   | jvm 1    |   Issuer: CN=dev-05.labs.blr.com, O=webserver
2014/11/28 15:03:43 | INFO   | jvm 1    |   SerialNumber: [    0d54f951]
2014/11/28 15:03:43 | INFO   | jvm 1    |
2014/11/28 15:03:43 | INFO   | jvm 1    | Certificate Extensions: 1
2014/11/28 15:03:43 | INFO   | jvm 1    | [1]: ObjectId: 2.5.29.14 Criticality=false
2014/11/28 15:03:43 | INFO   | jvm 1    | SubjectKeyIdentifier [
2014/11/28 15:03:43 | INFO   | jvm 1    | KeyIdentifier [
2014/11/28 15:03:43 | INFO   | jvm 1    | 0000: 94 2D EB EF E8 04 5F 84   B2 BA F6 A5 C9 58 D3 79  .-...._......X.y
2014/11/28 15:03:43 | INFO   | jvm 1    | 0010: 44 8F 40 07                                        D.@.
2014/11/28 15:03:43 | INFO   | jvm 1    | ]
2014/11/28 15:03:43 | INFO   | jvm 1    | ]
2014/11/28 15:03:43 | INFO   | jvm 1    |
2014/11/28 15:03:43 | INFO   | jvm 1    | ]
2014/11/28 15:03:43 | INFO   | jvm 1    |   Algorithm: [SHA256withRSA]
2014/11/28 15:03:43 | INFO   | jvm 1    |   Signature:
2014/11/28 15:03:43 | INFO   | jvm 1    | 0000: 39 59 42 B8 26 F6 64 7E   CA C1 33 7C 60 6A FC 80  9YB.&.d...3.`j..
2014/11/28 15:03:43 | INFO   | jvm 1    | 0010: 5F AF 51 89 98 B7 AC 0C   27 DA A1 60 AD 5B 87 11  _.Q.....'..`.[..
2014/11/28 15:03:43 | INFO   | jvm 1    | 0020: D8 95 E3 37 D2 CB E3 8A   6F CF 82 F3 4C AA B6 42  ...7....o...L..B
2014/11/28 15:03:43 | INFO   | jvm 1    | 0030: F5 8B 67 0B D9 F2 3E FA   FE 81 C5 77 78 47 E2 61  ..g...>....wxG.a
2014/11/28 15:03:43 | INFO   | jvm 1    | 0040: 33 DC 97 CB FC 04 1D 99   18 84 C3 DC 28 8D 14 D7  3...........(...
2014/11/28 15:03:43 | INFO   | jvm 1    | 0050: AF 71 1C E6 41 FC D1 71   CB C3 50 66 5E 28 AF EB  .q..A..q..Pf^(..
2014/11/28 15:03:43 | INFO   | jvm 1    | 0060: AF 80 52 CC 89 BE 0D 0B   58 1C CA 1C 34 36 BA 96  ..R.....X...46..
2014/11/28 15:03:43 | INFO   | jvm 1    | 0070: F2 FE 18 73 6B F7 09 35   94 AC 8E CB F2 83 47 62  ...sk..5......Gb
2014/11/28 15:03:43 | INFO   | jvm 1    | 0080: 20 FD 64 64 72 D6 89 D7   77 A7 D0 17 43 7E FF 44   .ddr...w...C..D
2014/11/28 15:03:43 | INFO   | jvm 1    | 0090: 57 B5 1D 27 24 1D F5 87   86 E9 29 EF DE E7 D2 2E  W..'$.....).....
2014/11/28 15:03:43 | INFO   | jvm 1    | 00A0: 32 EE 3D 82 7C 53 7E 93   E9 5F 5E 9C 62 F5 31 C7  2.=..S..._^.b.1.
2014/11/28 15:03:43 | INFO   | jvm 1    | 00B0: 9E 54 58 50 01 EE 58 18   81 6D 52 C0 EB CA CA 52  .TXP..X..mR....R
2014/11/28 15:03:43 | INFO   | jvm 1    | 00C0: 26 CC 3C 9D E5 60 BE BE   A1 E6 D5 79 66 F9 0C FD  &.<..`.....yf...
2014/11/28 15:03:43 | INFO   | jvm 1    | 00D0: BB 9E 36 E5 31 FC D4 68   8A 06 8D A0 0B 68 BA 2B  ..6.1..h.....h.+
2014/11/28 15:03:43 | INFO   | jvm 1    | 00E0: 1E AF 51 4A 6C BC 2D 7D   B4 04 EA D6 DA 28 9B 64  ..QJl.-......(.d
2014/11/28 15:03:43 | INFO   | jvm 1    | 00F0: F9 FF 35 7B E7 91 02 01   37 E7 C2 AA 8D 1E 48 22  ..5.....7.....H"
2014/11/28 15:03:43 | INFO   | jvm 1    |
2014/11/28 15:03:43 | INFO   | jvm 1    | ]
2014/11/28 15:03:43 | INFO   | jvm 1    | ***
2014/11/28 15:03:43 | INFO   | jvm 1    | *** ECDH ServerKeyExchange
2014/11/28 15:03:43 | INFO   | jvm 1    | Signature Algorithm SHA512withRSA
2014/11/28 15:03:43 | INFO   | jvm 1    | Server key: SunPKCS11-NSSfips EC public key, 256 bits (id 1668, session object)
2014/11/28 15:03:43 | INFO   | jvm 1    |   public x coord: 22811020849167726801730368600918463139597169803826118722525163464343792847845
2014/11/28 15:03:43 | INFO   | jvm 1    |   public y coord: 73886304187565809239631250457098470068449769526968865962213829575389354072377
2014/11/28 15:03:43 | INFO   | jvm 1    |   parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
2014/11/28 15:03:43 | INFO   | jvm 1    | *** ServerHelloDone
2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, WRITE: TLSv1.2 Handshake, length = 1237
2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, READ: TLSv1.2 Handshake, length = 70
2014/11/28 15:03:43 | INFO   | jvm 1    | *** ECDHClientKeyExchange
2014/11/28 15:03:43 | INFO   | jvm 1    | ECDH Public value:  { 4, 121, 116, 89, 85, 251, 91, 15, 91, 227, 244, 77, 243, 1, 197, 145, 33, 117, 182, 143, 76, 42, 19, 121, 131, 88, 88, 58, 225, 42, 50, 178, 100, 17, 18, 128, 220, 237, 192, 247, 67, 173, 13, 185, 114, 213, 250, 172, 58, 145, 158, 237, 115, 94, 129, 246, 254, 151, 126, 190, 182, 240, 45, 57, 62 }
2014/11/28 15:03:43 | INFO   | jvm 1    | SESSION KEYGEN:
2014/11/28 15:03:43 | INFO   | jvm 1    | PreMaster Secret:
2014/11/28 15:03:43 | INFO   | jvm 1    | (key bytes not available)
2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, handling exception: java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
2014/11/28 15:03:43 | INFO   | jvm 1    | %% Invalidated:  [Session-136, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, SEND TLSv1.2 ALERT:  fatal, description = internal_error
2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, WRITE: TLSv1.2 Alert, length = 2
2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, called closeSocket()
2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, IOException in getSession():  javax.net.ssl.SSLException: java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
2014/11/28 15:03:43 | INFO   | jvm 1    | Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
2014/11/28 15:03:43 | INFO   | jvm 1    | Fri Nov 28 15:03:43 IST 2014|WARNING|Thread-601|ccs.comp.clientproxy.ProxiedClientListener$ProxyConnection.run
2014/11/28 15:03:43 | INFO   | jvm 1    |       Error processing requests from proxied client : unestablished
2014/11/28 15:03:43 | INFO   | jvm 1    |       Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips (java.security.ProviderException); Root cause: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips (java.security.NoSuchAlgorithmException)
2014/11/28 15:03:43 | INFO   | jvm 1    |       javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1476)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.AppInputStream.read(AppInputStream.java:92)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.AppInputStream.read(AppInputStream.java:69)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at java.io.DataInputStream.readByte(DataInputStream.java:265)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at ccs.comp.clientproxy.ProxiedClientListener$ProxyConnection.getNext(ProxiedClientListener.java:438)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at ccs.comp.clientproxy.ProxiedClientListener$ProxyConnection.run(ProxiedClientListener.java:245)
2014/11/28 15:03:43 | INFO   | jvm 1    |       Caused by: javax.net.ssl.SSLException: java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1842)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1825)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1346)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:2171)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at ccs.comp.clientproxy.ProxiedClientListener.listen(ProxiedClientListener.java:126)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at ccs.comp.clientproxy.ProxiedClientListener.run(ProxiedClientListener.java:105)
2014/11/28 15:03:43 | INFO   | jvm 1    |       Caused by: java.security.ProviderException: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1060)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:999)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:234)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
2014/11/28 15:03:43 | INFO   | jvm 1    |               ... 3 more
2014/11/28 15:03:43 | INFO   | jvm 1    |       Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.jca.GetInstance.getService(GetInstance.java:100)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at javax.crypto.JceSecurity.getInstance(JceSecurity.java:109)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:287)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.JsseJce.getKeyGenerator(JsseJce.java:269)
2014/11/28 15:03:43 | INFO   | jvm 1    |               at sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1052)
2014/11/28 15:03:43 | INFO   | jvm 1    |               ... 10 more

jww*_*jww 1

Since the server does not support TLS 1.2, I disabled TLS 1.2 on the client.

I cannot figure out why the handshake fails "even" after disabling TLS 1.2 on the client. Could you help me resolve this?

And:

...
2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, WRITE: TLSv1.2 Alert, length = 2
2014/11/28 15:03:43 | INFO   | jvm 1    | Thread-31, called closeSocket()

Just a guess, but the PRF (pseudo-random function) in TLS 1.1 and earlier uses MD5 (and SHA1). The TLS 1.2 PRF uses the SHA2 family (IIRC). The library may be overzealous about MD5.

It's a bit like trying to be half pregnant. How do you allow MD5 inside one function but disallow it in other functions, and still pass validation at the testing lab?

So you should try the libraries with TLS 1.2 enabled.


The client is a Java Swing based client application launched using Java Web Start.

I think the first step you should take is to remove the Java client that cannot handle TLS 1.2 and verify that the server works as expected. That will give you a baseline of sorts.

You can test a server with TLS 1.2 enabled using the following OpenSSL command:

openssl s_client -tls1_2 -connect www.example.com:443 -servername www.example.com

You can also use the -cipher option to specify a particular cipher. For example, TLS_RSA_WITH_AES_128_CBC_SHA is AES128-SHA in OpenSSL:

openssl s_client -tls1_2 -connect www.example.com:443 -servername www.example.com -cipher AES128-SHA

You can even fetch a page with something like the following (note the addition of -ign_eof):

echo -e "GET / HTTP/1.1\r\nHost:www.example.com\r\n\r\n" |  openssl s_client -ign_eof -tls1_2 -connect...

Before Java 8, Java was fairly lame with respect to TLS protocols and cipher suites. Although TLS 1.1 and 1.2 were available, they were not enabled by default in Java 7 and earlier. You had to enable them explicitly.

Also, Java sneaks in SSLv3 even if you did not ask for it. To see for yourself, try SSLContext.getInstance("TLS") and check whether SSLv3 is among the enabled protocols :)

You can see an example of enabling the available protocols and cipher suites in Which Cipher Suites to enable for SSL Socket?.


Interestingly, NIST allows MD5 to be used as part of the TLS PRF. But it is a very specific exception. It is allowed because the PRF does not need collision resistance; it only needs to extract entropy.

The following is from NIST's SP 800-135:

The outputs of P_MD5 and P_SHA-1 are XORed together to produce the PRF output. This PRF is used both as a randomness extraction step to generate the master secret and as a key expansion step to derive the protocol keying material from the master secret.

The TLS 1.0 and 1.1 KDF is approved when the following conditions are met:
(1) The TLS 1.0 and 1.1 KDF is performed in the context of the TLS protocol.
(2) SHA-1 and HMAC are as specified in FIPS 180-3 and 198-1, respectively.
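One detail of the server trace is worth reading alongside the answer's point about Java's default protocol lists. The first handshake (on a qtp worker thread) arrives as a TLSv1.1 ClientHello and succeeds; the failing one arrives later on Thread-31 via ProxiedClientListener as a fresh TLSv1.2 ClientHello with a different, wider cipher-suite list, and that is the connection that hits SunTls12MasterSecret. So the restriction the client applied reached one socket but not the other. The following is an added example, not code from the question, the answer or the application they describe: the class, field and method names are mine, and the cipher-suite list is an assumption based on the suite the successful TLS 1.1 handshake in the trace negotiated. It prints what the running JVM enables by default (the answer's SSLContext.getInstance("TLS") check) and installs a delegating SSLSocketFactory that narrows every socket it creates to TLSv1/TLSv1.1, which is how to make the restriction hold for HttpsURLConnection and for any code that accepts an SSLSocketFactory rather than for one hand-configured SSLSocket.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Added example (not from the question or answer): report JVM defaults and pin every client socket. */
public class ClientProtocolPinning {

    // Assumed target: the TLS 1.1 / NSS 3.14.3 server from the question.
    // TLS_RSA_WITH_AES_128_CBC_SHA is the suite its successful handshake used;
    // the ECDHE suite is an assumption and is kept only if the provider supports it.
    static final String[] PROTOCOLS = {"TLSv1", "TLSv1.1"};
    static final String[] SUITES = {
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
    };

    /** Delegating factory: every socket it hands out is narrowed before use. */
    static final class PinnedSocketFactory extends SSLSocketFactory {
        private final SSLSocketFactory delegate;

        PinnedSocketFactory(SSLSocketFactory delegate) { this.delegate = delegate; }

        private Socket pin(Socket s) {
            if (s instanceof SSLSocket) {
                SSLSocket ssl = (SSLSocket) s;
                ssl.setEnabledProtocols(PROTOCOLS);
                // setEnabledCipherSuites() throws on an unknown name, so keep only what this provider supports.
                ssl.setEnabledCipherSuites(intersect(SUITES, ssl.getSupportedCipherSuites()));
            }
            return s;
        }

        @Override public String[] getDefaultCipherSuites() { return SUITES.clone(); }
        @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
        @Override public Socket createSocket() throws IOException { return pin(delegate.createSocket()); }
        @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { return pin(delegate.createSocket(s, host, port, autoClose)); }
        @Override public Socket createSocket(String host, int port) throws IOException { return pin(delegate.createSocket(host, port)); }
        @Override public Socket createSocket(String host, int port, InetAddress local, int localPort) throws IOException { return pin(delegate.createSocket(host, port, local, localPort)); }
        @Override public Socket createSocket(InetAddress host, int port) throws IOException { return pin(delegate.createSocket(host, port)); }
        @Override public Socket createSocket(InetAddress host, int port, InetAddress local, int localPort) throws IOException { return pin(delegate.createSocket(host, port, local, localPort)); }
    }

    /** Order-preserving intersection of the wanted suites with the provider's supported ones. */
    static String[] intersect(String[] wanted, String[] supported) {
        List<String> have = Arrays.asList(supported);
        List<String> out = new ArrayList<String>();
        for (String w : wanted) { if (have.contains(w)) out.add(w); }
        return out.toArray(new String[out.size()]);
    }

    public static void main(String[] args) throws Exception {
        // A context must be initialised before it can report parameters;
        // null arguments select the platform default key/trust managers.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        SSLParameters defaults = ctx.getDefaultSSLParameters();

        // On a Java 7 client this list does not include TLSv1.2; on Java 8 it does,
        // so a socket that was never narrowed sends a TLSv1.2 ClientHello only on
        // Java 8. Builds of that era also list SSLv3 here, the point the answer makes.
        System.out.println("default enabled protocols: " + Arrays.toString(defaults.getProtocols()));
        System.out.println("supported protocols      : " + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("jdk.tls.client.protocols : " + System.getProperty("jdk.tls.client.protocols"));

        // Process-wide pin for HttpsURLConnection. Code that builds its own
        // SSLSocketFactory or SSLContext must wrap it the same way.
        SSLSocketFactory pinned = new PinnedSocketFactory(ctx.getSocketFactory());
        HttpsURLConnection.setDefaultSSLSocketFactory(pinned);

        // Unconnected probe socket: shows what the pinned factory will offer without touching the network.
        SSLSocket probe = (SSLSocket) pinned.createSocket();
        try {
            System.out.println("pinned protocols         : " + Arrays.toString(probe.getEnabledProtocols()));
            System.out.println("pinned cipher suites     : " + Arrays.toString(probe.getEnabledCipherSuites()));
        } finally {
            probe.close();
        }
    }
}
```

Run it under both JDKs (javac ClientProtocolPinning.java && java ClientProtocolPinning) and compare the first line: the mechanism the client uses to disable TLS 1.2 has to reach the socket that Thread-31 in the server trace is talking to, not only the one that produced the successful TLSv1.1 handshake. For SunJSSE client sockets Java 8 also honours -Djdk.tls.client.protocols="TLSv1,TLSv1.1" as a JVM-wide default (https.protocols affects HttpsURLConnection only); check the release notes of the exact update in use, since the property is absent from early Java 7 updates.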