socket Java 7 e TLSv1.2

Question

Sto provando a connettermi a un server Web con crittografia. Il server Web consente solo le connessioni tramite il protocollo TLSv1.2.

Ho modificato questo frammento da official doc

import java.net.*; 
import java.io.*; 
import javax.net.ssl.*; 

/* 
* This example demostrates how to use a SSLSocket as client to 
* send a HTTP request and get response from an HTTPS server. 
* It assumes that the client is not behind a firewall 
*/ 

public class SSLSocketClient { 

public static void main(String[] args) throws Exception { 
    try { 
     String host = "172.20.172.106"; 
     SSLSocketFactory factory = 
       (SSLSocketFactory) SSLSocketFactory.getDefault(); 
     SSLSocket socket = (SSLSocket) factory.createSocket(host, 443); 
     String[] protocols = socket.getEnabledProtocols(); 
     System.out.println("Enabled Protocols: "); 
     for (int i = 0; i < protocols.length; i++) { 
      System.out.println(protocols[i] + ", "); 
     } 
     String[] supportedProtocols = socket.getSupportedProtocols(); 
     System.out.println("Supported Protocols: "); 
     for (int i = 0; i < protocols.length; i++) { 
      System.out.println(supportedProtocols[i] + ", "); 
     } 
     String[] goodProtocols = new String[1]; 
     goodProtocols[0] = "TLSv1.2"; 
     socket.setEnabledProtocols(goodProtocols); 
     protocols = socket.getEnabledProtocols(); 
     System.out.println("Set Protocols: "); 
     for (int i = 0; i < protocols.length; i++) { 
      System.out.println(protocols[i] + ", "); 
     } 
     /* 
     * send http request 
     * 
     * Before any application data is sent or received, the 
     * SSL socket will do SSL handshaking first to set up 
     * the security attributes. 
     * 
     * SSL handshaking can be initiated by either flushing data 
     * down the pipe, or by starting the handshaking by hand. 
     * 
     * Handshaking is started manually in this example because 
     * PrintWriter catches all IOExceptions (including 
     * SSLExceptions), sets an internal error flag, and then 
     * returns without rethrowing the exception. 
     * 
     * Unfortunately, this means any error messages are lost, 
     * which caused lots of confusion for others using this 
     * code. The only way to tell there was an error is to call 
     * PrintWriter.checkError(). 
     */ 
     socket.startHandshake(); 

     PrintWriter out = new PrintWriter(
       new BufferedWriter(
         new OutputStreamWriter(
           socket.getOutputStream()))); 

     out.println("GET/HTTP/1.0"); 
     out.println(); 
     out.flush(); 

     /* 
     * Make sure there were no surprises 
     */ 
     if (out.checkError()) 
      System.out.println(
        "SSLSocketClient: java.io.PrintWriter error"); 

     /* read response */ 
     BufferedReader in = new BufferedReader(
       new InputStreamReader(
         socket.getInputStream())); 

     String inputLine; 
     while ((inputLine = in.readLine()) != null) 
      System.out.println(inputLine); 

     in.close(); 
     out.close(); 
     socket.close(); 

    } catch (Exception e) { 
     e.printStackTrace(); 
    } 
} 
} 

Ora, se corro questo codice con JRE 8 tutto funziona bene.

Questa è l'uscita ottengo

Enabled Protocols: 
TLSv1, 
TLSv1.1, 
TLSv1.2, 
Supported Protocols: 
SSLv2Hello, 
SSLv3, 
TLSv1, 
Set Protocols: 
TLSv1.2, 
HTTP/1.1 302 Moved Temporarily 
Connection: close 
Content-Type: text/html; charset=ISO-8859-1 
Content-Length: 0 
Date: Mon, 09 Feb 2015 15:08:25 GMT 
Expires: 0 
Cache-Control: no-cache 
X-Content-Type-Options: nosniff 
X-XSS-Protection: 1; mode=block 
Server: PRTG/15.1.13.1382 
Location: /index.htm 

Ma se provo con JRE1.7.0_75 con -Djavax.net.debug=all ottengo il seguente

Enabled Protocols: 
TLSv1, 
Supported Protocols: 
SSLv2Hello, 
Set Protocols: 
TLSv1.2, 

keyStore is : 
keyStore type is : jks 
keyStore provider is : 
init keystore 
init keymanager of type SunX509 
trustStore is: C:\Program Files\Java\jdk1.7.0_75\jre\lib\security\cacerts 
trustStore type is : jks 
trustStore provider is : 
init truststore 

...SKIPPING CERTIFICATE INIT... 

trigger seeding of SecureRandom 
done seeding SecureRandom 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 
Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
Enabled Protocols: 
TLSv1, 
Supported Protocols: 
SSLv2Hello, 
Set Protocols: 
TLSv1.2, 
%% No cached client session 
*** ClientHello, TLSv1.2 
RandomCookie: GMT: 1406651565 bytes = { 85, 112, 165, 115, 135, 15, 171, 1, 167, 182, 47, 68, 233, 53, 164, 111, 112, 244, 51, 252, 240, 40, 178, 238, 204, 215, 13, 137 } 
Session ID: {} 
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
*** 
[write] MD5 and SHA1 hashes: len = 179 
0000: 01 00 00 AF 03 03 54 D8 CD AD 55 70 A5 73 87 0F ......T...Up.s.. 
0010: AB 01 A7 B6 2F 44 E9 35 A4 6F 70 F4 33 FC F0 28 ..../D.5.op.3..(
0020: B2 EE CC D7 0D 89 00 00 2A C0 09 C0 13 00 2F C0 ........*...../. 
0030: 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 ....3.2......... 
0040: 0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 ................ 
0050: 04 00 FF 01 00 00 5C 00 0A 00 34 00 32 00 17 00 ......\...4.2... 
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................ 
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................ 
0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................ 
0090: 0B 00 02 01 00 00 0D 00 1A 00 18 06 03 06 01 05 ................ 
00A0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................ 
00B0: 02 01 01           ... 
main, WRITE: TLSv1.2 Handshake, length = 179 
[Raw write]: length = 184 
0000: 16 03 03 00 B3 01 00 00 AF 03 03 54 D8 CD AD 55 ...........T...U 
0010: 70 A5 73 87 0F AB 01 A7 B6 2F 44 E9 35 A4 6F 70 p.s....../D.5.op 
0020: F4 33 FC F0 28 B2 EE CC D7 0D 89 00 00 2A C0 09 .3..(........*.. 
0030: C0 13 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 .../.....3.2.... 
0040: 00 0A C0 03 C0 0D 00 16 00 13 C0 07 C0 11 00 05 ................ 
0050: C0 02 C0 0C 00 04 00 FF 01 00 00 5C 00 0A 00 34 ...........\...4 
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2.............. 
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................ 
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................ 
0090: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18 ................ 
00A0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ................ 
00B0: 02 03 02 01 02 02 01 01       ........ 
[Raw read]: length = 5 
0000: 15 03 03 00 02          ..... 
[Raw read]: length = 2 
0000: 02 28            .(
main, READ: TLSv1.2 Alert, length = 2 
main, RECV TLSv1 ALERT: fatal, handshake_failure 
main, called closeSocket() 
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) 
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979) 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) 
    at SSLSocketClient.main(SSLSocketClient.java:96) 

jdk7 dovrebbe sostenere TLSv1.2, ma io don' lo vedo nei protocolli supportati in uscita

Answer 1

Finalmente ho trovato il problema: il server PRTG che sto cercando di connettere quando impostato in modalità SSL security: high security sembra accettare solo con riserva allacciamenti utilizzando TLSv1.2 e cifratura TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, che è disponibile solo su Java 8.

@Petesh grazie per il vostro sostegno

Answer 2

PRTG supporta 4 ciphers con la modalità di impostazione alta sicurezza.

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 

Nessuno di questi sono nella distribuzione standard di Java 1.7

Tuttavia, nel Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download esso include TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

È necessario scaricare l'illimitato forza zip e sostituire i file local_policy.jar e US_export_policy.jar in JRE_HOME/lib/security con quelli del download.

A cura 2016/02/12:

È inoltre necessario abilitare la versione appropriata TLS tramite la proprietà di sistema:

-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2