
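We are invoking a Gradle build from Jenkins, and the Java in use is IBM Java 1.8. Once the build completes, the packaged ear file should be published to Artifactory, and this is where it fails, because it is using TLSv1 while the Artifactory server uses TLSv1.2 (RECV TLSv1.2 ALERT: fatal, protocol_version). We have specified parameters to try to force it to use TLSv1.2, but to no avail.

If we simply switch Java from IBM Java to OpenJDK, everything works, but we have to use the IBM JDK.

Below is an excerpt from the log; any insight would be greatly appreciated.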

```
16:37:27  BUILD_ID=52
16:37:27  JAVA_TOOL_OPTIONS=-Duser.home=/home/jenkins -Dhttps.protocols=TLSv1.2 -Dcom.ibm.jsse2.overrideDefaultTLS=true -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12 -Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.debug=all -Djavax.net.debug=all  -Dcom.ibm.jsse2.disablesslv3=false -Djdk.tls.client.protocols=TLSv1.2 -Dhttps.protocols=TLSv1.2 -Djdk.tls.disabledAlgorithms=SSLv3,TLSv1,TLSv1.1

16:39:49  jdk.tls.client.protocols is defined as TLSv1.2
16:39:49  SSLv3 protocol was requested but was not enabled
16:39:49  SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
16:39:49  SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
16:39:49  CLIENT_DEFAULT: [TLSv1.2]
16:39:49  IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
16:39:49  IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
16:39:49  IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
16:39:49  IBMJSSE2 will allow client initiated renegotiation per jdk.tls.rejectClientInitiatedRenegotiation set to FALSE or default
16:39:49  IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default
16:39:49
16:39:49  Is initial handshake: true
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
16:39:49  Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
16:39:49  %% No cached client session
16:39:49  *** ClientHello, TLSv1
16:39:49  RandomCookie:  GMT: 1595384853 bytes = { 107, 178, 131, 155, 114, 248, 46, 134, 176, 84, 230, 191, 243, 124, 238, 63, 233, 106, 234, 197, 151, 26, 164, 199, 46, 116, 65, 30 }
16:39:49  Session ID:  {}
16:39:49  Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA]
16:39:49  Compression Methods:  { 0 }
16:39:49  Extension elliptic_curves, curve names: {secp256r1, secp192r1, secp224r1, secp384r1, secp521r1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp256k1}
16:39:49  Extension ec_point_formats, formats: [uncompressed]
16:39:49  Extension server_name, server_name: [type=host_name (0), value=artifactory..xxx.xxx]
16:39:49  ***
16:39:49  [write] MD5 and SHA1 hashes:  len = 123

16:39:49  [Raw read]: length = 2
16:39:49  0000: 02 46                                              .F
16:39:49
16:39:49  pool-1-thread-1, READ: TLSv1 Alert, length = 2
16:39:49  pool-1-thread-1, RECV TLSv1.2 ALERT:  fatal, protocol_version
16:39:49  pool-1-thread-1, called closeSocket()
16:39:49  pool-1-thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: protocol_version
16:39:49  Error occurred for request GET /artifactory/api/system/version HTTP/1.1: Received fatal alert: protocol_version.
```



1 Answer


Try updating your gradle.properties to have:

```
systemProp.com.ibm.jsse2.overrideDefaultTLS=true
```

Answered 2020-07-23T13:00:29.900
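
The mismatch in the question's trace (CLIENT_DEFAULT lists only TLSv1.2, yet the ClientHello goes out as TLSv1 and the server replies with a fatal protocol_version alert) can be picked out of a `javax.net.debug` log automatically. This is an added example, not code from the question or the answer; the function name `triage`, the finding labels and the embedded sample lines are constructed for illustration.

```python
import re

# Constructed sample: a few lines in the format of the javax.net.debug excerpt above.
SAMPLE_LOG = """\
16:39:49  jdk.tls.client.protocols is defined as TLSv1.2
16:39:49  SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
16:39:49  CLIENT_DEFAULT: [TLSv1.2]
16:39:49  *** ClientHello, TLSv1
16:39:49  pool-1-thread-1, READ: TLSv1 Alert, length = 2
16:39:49  pool-1-thread-1, RECV TLSv1.2 ALERT:  fatal, protocol_version
"""

CLIENT_DEFAULT = re.compile(r"CLIENT_DEFAULT:\s*\[([^\]]*)\]")
CLIENT_HELLO = re.compile(r"\*\*\* ClientHello, (\S+)")
ALERT = re.compile(r"RECV (\S+) ALERT:\s*(\w+),\s*(\w+)")


def triage(log_text):
    """Return a list of findings (dicts) for one javax.net.debug trace."""
    client_default, hello, findings = [], None, []
    for line in log_text.splitlines():
        if m := CLIENT_DEFAULT.search(line):
            # Protocols the JSSE provider reports as its client default.
            client_default = [p.strip() for p in m.group(1).split(",") if p.strip()]
        elif m := CLIENT_HELLO.search(line):
            # Version actually offered on the wire for this handshake.
            hello = m.group(1)
            if client_default and hello not in client_default:
                findings.append({"kind": "hello_outside_client_default",
                                 "offered": hello,
                                 "client_default": client_default})
        elif (m := ALERT.search(line)) and m.group(3) == "protocol_version":
            # The peer refused the offered version.
            findings.append({"kind": "peer_rejected_version",
                             "level": m.group(2), "offered": hello})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `hello_outside_client_default` finding means the handshake offered a version that is not in the reported client default list, so the properties that shaped that list did not govern this connection.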