Sac*_*hin 4 ssl ssl-certificate
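The Tomcat server starts successfully. But as soon as I hit https://localhost:8443, I see repeated errors on the server (log below). In the Chrome browser I see: This site can’t provide a secure connection, localhost sent an invalid response, ERR_SSL_PROTOCOL_ERROR. Somehow I managed to get localhost working in Safari, but Chrome still has the problem. Any help would be appreciated. Thanks.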
```
SEVERE [https-jsse-nio-8443-exec-7] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
 java.lang.NullPointerException
    at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown Source)
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.engineSign(Unknown Source)
    at java.security.Signature$Delegate.engineSign(Signature.java:1382)
    at java.security.Signature.sign(Signature.java:698)
    at sun.security.ssl.CertificateVerify$T13CertificateVerifyMessage.<init>(CertificateVerify.java:931)
    at sun.security.ssl.CertificateVerify$T13CertificateVerifyProducer.onProduceCertificateVerify(CertificateVerify.java:1105)
    at sun.security.ssl.CertificateVerify$T13CertificateVerifyProducer.produce(CertificateVerify.java:1098)
    at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:420)
    at sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1096)
    at sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1032)
    at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:716)
    at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:683)
    at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
    at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:983)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:970)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:917)
    at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:423)
    at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:483)
    at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1475)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
```
小智 6
I ran into this problem when updating to openjdk-1.8.0_275. Disabling "RSASSA-PSS" in java.security solved it for me.
Open ${JAVA_HOME}/jre/lib/security/java.security, find jdk.certpath.disabledAlgorithms, and add RSASSA-PSS to the end of the list:
```
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL, RSASSA-PSS
```
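I have also seen that others had to disable TLS1.3 in Tomcat, but I did not need to.
Note: this should be a temporary workaround. Supporting and using TLSv1.3 is the ideal scenario; for me, that is not possible right now because of customer constraints.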
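To confirm what the JVM actually picked up after editing java.security, the following added example (not part of the original question or answer) prints the effective disabled-algorithm properties, the registered providers that offer an RSASSA-PSS signature, and the default TLS protocols. The class name `PssTlsCheck` is hypothetical; run it with the same JAVA_HOME that Tomcat uses.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

// Hypothetical diagnostic class (added example, not from the original post).
public class PssTlsCheck {

    // True if the comma-separated security property contains the algorithm name.
    static boolean lists(String property, String algorithm) {
        String value = Security.getProperty(property);
        if (value == null) {
            return false;
        }
        for (String entry : value.split(",")) {
            if (entry.trim().equalsIgnoreCase(algorithm)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));

        // The answer mentions both property names, so report each one.
        for (String prop : new String[] {
                "jdk.tls.disabledAlgorithms", "jdk.certpath.disabledAlgorithms"}) {
            System.out.println(prop + " lists RSASSA-PSS: " + lists(prop, "RSASSA-PSS"));
        }

        // Registered providers offering an RSASSA-PSS Signature, in preference order.
        // The stack trace shows BouncyCastle's PSSSignatureSpi being used for the
        // TLS 1.3 CertificateVerify signature.
        Provider[] pss = Security.getProviders("Signature.RSASSA-PSS");
        if (pss == null) {
            System.out.println("No registered provider offers Signature.RSASSA-PSS");
        } else {
            for (Provider p : pss) {
                System.out.println("RSASSA-PSS provider: " + p.getName() + " " + p.getInfo());
            }
        }

        // Protocols enabled by default for this JVM's default SSLContext.
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("Default TLS protocols: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
    }
}
```

A standalone run only sees providers registered statically in java.security; a provider that a web application registers at runtime inside Tomcat will not appear in this output.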