根据https://www.ssllabs.com,服务器支持密码套件
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_GCM_SHA384TLS_DHE_RSA_WITH_AES_256_CBC_SHA256TLS_DHE_RSA_WITH_AES_256_CBC_SHA
如调试消息中所见,它们被列为“不可用的密码套件”。
在JRE / lib / security / local_policy.jar中,我们看到
// Some countries have import limits on crypto strength. This policy file// is worldwide importable.grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128,"javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", *; permission javax.crypto.CryptoPermission *, 128;};下载并安装“(JCE)无限强度管辖权策略文件”-http:
//www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html-我可以确认问题已解决。自述文件说
由于某些国家/地区的导入控制限制,因此Java Runtime Environment或JRETM
8环境中捆绑的JCE策略文件的版本允许使用“强”但受限的加密。此下载包(包括此README文件的下载包)提供了“无限强度”策略文件,其中不包含对加密强度的限制。
