您的位置:首页 > 理论基础 > 计算机网络

centos6.5 openjdk https/ssl兼容性错误ECKeyPairGenerator.generateKeyPair

2015-09-08 22:09 483 查看
阿里云centos6.5下使用新版openjdk7(OpenJDK 64-Bit Server VM (build 24.85-b03, mixed mode)) 会碰到一个比较无奈的问题, trust all https get请求在本地oracle jdk 或低些版本的openjdk都没问题, 放到阿里云就可能会报一下错, 本人案例是在微信OAUTH交换采访令牌环时报错.

Caused by: java.security.ProviderException: java.security.KeyException

at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:146)

at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:704)

at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:78)

at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:714)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:278)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1035)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)

不是这个原因
http://bbs.aliyun.com/read/255711.html?fpage=3
类似的案例
http://jenkins-ci.361315.n4.nabble.com/Using-Java-1-7-and-SSL-self-signed-certs-td4755143.html https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/989240
ldd /usr/lib/jvm/lib/amd64/libsunec.so 依赖的是libnss, 先升级到最新好像就可以了.

也看了下${jre_home}/lib/security/java.security, 好像可以开启10

# the NSS security provider was not enabled for this build; it can be enabled

# if NSS (libnss3) is available on the machine. The nss.cfg file may need

# editing to reflect the location of the NSS installation.

#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg

oracle jdk应该测试稳定多些, 他可能尽量使用了静态库, 毕竟oracle jdk安装之后是比较大, 而openjdk似乎蛮多是动态库, 但是wget很难下载到oracle jdk, 将就用着吧
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航