Thank you first for your reply :)
I add TLSv1 to jdk.tls.disabledAlgorithms of JRE java.security file, in
this way I can resolve the problem, but the modify will globally affect,
for example there is a java app needs TLSv1.
Otherwise, I have tried "jdk.tls.client.protocols" system property, but it
does not achieve the desired effect.
I have tried to invoke "setEnabledProtocols" method
of javax.net.ssl.SSLEngine class on my java test code, it can achieve the
desired effect.
The relevant AKKA source code of akka.remoting as follow:
case Some(context) ⇒
log.debug("Using client SSL context to create SSLEngine ...")
new SslHandler({
val sslEngine = context.createSSLEngine
sslEngine.setUseClientMode(true)
sslEngine.setEnabledCipherSuites(settings.SSLEnabledAlgorithms.
toArray)
sslEngine.setEnabledProtocols(Array("TLSv1.2")) => Add this
line can resovle my problem, but I don't want to modify AKKA source code :(
sslEngine
Is there a way to set ssl option without modify AKKA source code?
Thank you.
在 2016年7月27日星期三 UTC+8上午4:02:45,Will Sargent写道:
>
> You can set the "jdk.tls.client.protocols" system property to set options
> for the JVM -- this is a feature that is only available in JDK 1.8 though.
>
>
> https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSE_Protocols
>
> Otherwise, you would have to set the security
> property jdk.tls.disabledAlgorithms to add TLSv1 specifically.
>
>
> Will Sargent
> Engineer, Lightbend, Inc.
>
>
> On Tue, Jul 26, 2016 at 1:12 AM, <[email protected] <javascript:>>
> wrote:
>
>> Configure file as follow:
>> # Protocol to use for SSL encryption, choose from:
>> # Java 6 & 7:
>> # 'SSLv3', 'TLSv1'
>> # Java 7:
>> # 'TLSv1.1', 'TLSv1.2'
>> protocol = "TLSv1.2"
>>
>>
>> When I use nmap to scan, I find that TLSv1 is enabled:
>> D:\softwares\nmap-7.12>nmap -p xxxx --script=ssl* x.x.x.x --unprivileged
>>
>>
>> Starting Nmap 7.12 ( https://nmap.org ) at 2016-07-26 15:33
>> °?′óà????÷2?±ê×?ê±??
>> Nmap scan report for x.x.x.x
>> Host is up (1.0s latency).
>> PORT STATE SERVICE
>> xxxx/tcp open unknown
>> | ssl-enum-ciphers:
>> | TLSv1.0:
>> | ciphers:
>> | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) -A
>> | compressors:
>> | NULL
>> | cipher preference: indeterminate
>> | cipher preference error: Too few ciphers supported
>> | TLSv1.1:
>> | ciphers:
>> | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) -A
>> | compressors:
>> | NULL
>> | cipher preference: indeterminate
>> | cipher preference error: Too few ciphers supported
>> | TLSv1.2:
>> | ciphers:
>> | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) -A
>> | compressors:
>> | NULL
>> | cipher preference: indeterminate
>> | cipher preference error: Too few ciphers supported
>> |_ least strength: A
>> MAC Address: xx:xx:xx:xx:xx:xx
>>
>>
>> Nmap done: 1 IP address (1 host up) scanned in 3.88 seconds
>>
>>
>> D:\softwares\nmap-7.12>
>>
>> I want to disable TLSv1. Any method?
>> Thank you.
>>
>>
>> --
>> >>>>>>>>>> Read the docs: http://akka.io/docs/
>> >>>>>>>>>> Check the FAQ:
>> http://doc.akka.io/docs/akka/current/additional/faq.html
>> >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Akka User List" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To post to this group, send email to [email protected]
>> <javascript:>.
>> Visit this group at https://groups.google.com/group/akka-user.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ:
>>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
