在阿里云的CentOS 6.5环境中,使用OpenJDK 7时遇到HTTPS/SSL兼容性问题,导致请求失败。错误涉及ECKeyPairGenerator生成密钥对时抛出ProviderException。解决方案包括更新libnss到最新版本,并检查${java.home}/lib/security/java.security配置文件,启用NSS安全提供者。
阿里云centos6.5下使用新版openjdk7(OpenJDK 64-Bit Server VM (build 24.85-b03, mixed mode)) 会碰到一个比较无奈的问题, trust all https get请求在本地oracle jdk 或低些版本的openjdk都没问题, 放到阿里云就可能会报一下错, 本人案例是在微信OAUTH交换采访令牌环时报错.
Caused by: java.security.ProviderException: java.security.KeyException
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:146)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:704)
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:78)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:714)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:278)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
不是这个原因
http://bbs.aliyun.com/read/255711.html?fpage=3
类似的案例
http://jenkins-ci.361315.n4.nabble.com/Using-Java-1-7-and-SSL-self-signed-certs-td4755143.html
https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/989240
ldd /usr/lib/jvm/lib/amd64/libsunec.so 依赖的是libnss, 先升级到最新好像就可以了.
也看了下${jre_home}/lib/security/java.security, 好像可以开启10
# the NSS security provider was not enabled for this build; it can be enabled
# if NSS (libnss3) is available on the machine. The nss.cfg file may need
# editing to reflect the location of the NSS installation.
#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
oracle jdk应该测试稳定多些, 他可能尽量使用了静态库, 毕竟oracle jdk安装之后是比较大, 而openjdk似乎蛮多是动态库, 但是wget很难下载到oracle jdk, 将就用着吧
扫一扫
812
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
