sam*_*jay 3 java encryption tomcat jsse
JSSE在Apache Tomcat服务器中支持的密码是什么?如何启用AES256并重新排序密码?
1)您很可能现在没有安装无限强度文件.
您可能需要下载此文件:
Java密码术扩展(JCE)无限强度管辖权政策文件7下载 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
安装文件
${java.home}/jre/lib/security/
2)编辑您的server.xml文件并仅输入256位密码:
示例:仅限W/256
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="keystore.p12"
keystorePass="<MY_PASSWORD>" keystoreType="PKCS12"
clientAuth="want" sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
ciphers="ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" />
示例:W/256和128
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="keystore.p12"
keystorePass="<MY_PASSWORD>" keystoreType="PKCS12"
clientAuth="want" sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
3)重启tomcat并点击主默认tomcat页面:
https://localhost:8443/
参考文献:
= = = = = = = = = = = = =
java aes 256 java.security.InvalidKeyException:安装策略后非法密钥大小
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_BIO_and_NIO
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-4
http://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv
http://blog.bitmelt.com/2013/11/tomcat-ssl-hardening.html