首页 > 编程语言 >java 访问ingress https报错javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version

java 访问ingress https报错javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version

时间:2023-06-08 17:46:33浏览次数:50  
标签:Received ingress AES256 RSA SHA AES128 报错 ECDHE SHA256

一、报错及部署环境

Java程序访问测试域名https方法正常,访问生产域名https域名报错,报错如下
javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version

测试环境使用KubeSphere ingress  
生产环境使用阿里云ACK服务的ingress配置 

二、问题原因

客户端和服务端SSL协议版本不一致。

三、解决方案

配置两端使用支持的SSL协议版本

四、解决步骤

1.查看测试环境和生产环境ingress协议差异 

生产环境(如果没有npm命令直接yum安装)

测试环境

可以看到实际上是两端的加密算法协商失败

2.修改阿里云ACK ingress,添加TLS协议及支持的算法 

 kubectl edit cm -n kube-system nginx-configuration #修改ingress配置
  ssl-ciphers: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  ssl-protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3

3.更新ingress 

kubectl scale --replicas=0  deployments.apps -n kube-system nginx-ingress-controller #慎用,可以
kubectl scale --replicas=10  deployments.apps -n kube-system nginx-ingress-controller

4.验证

 

标签:Received,ingress,AES256,RSA,SHA,AES128,报错,ECDHE,SHA256
From: https://www.cnblogs.com/panwenbin-logs/p/17467233.html

相关文章

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99