解决IE8下FlashSocket无法连接java websocket的问题

参考文章: iOS 与 Java 服务器之间 SSL 握手失败的解决:Cipher Suites

Flash socket在IE8下会使用TLSv1进行通信,且Cipher suites只有有限几项jre默认不支持的。 我服务端用的是Springboot+Tomcat Embed,开启debug之后会看到cipher suite不支持的异常:not found cipher suites in common。

IE8的Cipher Suites: 
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)     
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)     
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)    
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)     
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)     
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)

而一般现在装的jdk/jre都是不包含这些的。


可以通过下载下面这个jar替换掉jre的lib/security目录下的两个jar包进行添加。

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

添加完成之后需要在配置文件中 server.ssl.ciphers 加入,我下面列了一个比较全的,可以用这个替换。    

ciphers: TLS_ECDH_anon_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 
TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_RC4_128_SHA
TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Read: 170

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注