javax.net.ssl.SSLException：服務器選擇不正確的密碼套件SSL_RSA_WITH_DES_CBC_SHA

Question

當通過HTTPS連接提供applet時，出現以下異常。

在Java 1.7.0_25上遇到了這個問題，但在java 1.6上沒有。

當我看着java支持的夾克衫（http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#PLUG）時，我在列表中看到SSL_RSA_WITH_DES_CBC_SHA。

有沒有人遇到這個錯誤？我應該怎樣處理這個錯誤？

Java Plug-in 10.25.2.15 
Using JRE version 1.7.0_25-b15 Java HotSpot(TM) 64-Bit Server VM 
User home directory = /home/mithat 
---------------------------------------------------- 
network: Cache entry not found [url: https://mytest.domain.tr/LoginWeb/myapplet.jar,  version: null] 
network: Connecting https://mytest.domain.tr/LoginWeb/myapplet.jar with proxy=DIRECT 
network: Connecting http://mytest.domain.tr:443/ with proxy=DIRECT 
javax.net.ssl.SSLException: Server selected improper ciphersuite SSL_RSA_WITH_DES_CBC_SHA 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) 
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266) 
    at sun.security.ssl.ClientHandshaker.serverHello(ClientHandshaker.java:464) 
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:143) 
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) 
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) 
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) 
    at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source) 
    at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source) 
    at sun.net.www.protocol.jar.URLJarFile.retrieve(URLJarFile.java:205) 
    at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:71) 
    at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:88) 
    at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) 
network: Cache entry not found [url: https://mytest.domain.tr/LoginWeb/myapplet.jar, version: null] 
... 
network: Cache entry not found [url: https://mytest.domain.tr/LoginWeb/test/AppletTest.class, version: null] 
network: Connecting https://mytest.domain.tr/LoginWeb/test/AppletTest.class with proxy=DIRECT 
network: Connecting http://mytest.domain.tr:443/ with proxy=DIRECT 
java.lang.ClassNotFoundException: test.AppletTest 
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) 
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) 
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) 
    at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) 
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357) 
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) 
    at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source) 
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) 
    at java.lang.Thread.run(Thread.java:724) 
    ... 
security: Reset deny session certificate store 
basic: Dialog type is not candidate for embedding 

Answer 1

最有可能的問題可能與反向代理設置有關。例如在Apache中，你必須在參數下面設置。

ProxyPass /foo http://foo.example.com/bar 
ProxyPassReverse /foo http://foo.example.com/bar 

您可以爲其他反向代理服務器找到類似的選項。

Answer 2

我們通過Wireshark的方式檢查了網絡，發現服務器選擇了實際上不在client-hello中的提到的chipher套件，並且在Java8中被禁用。更改網絡設備問題的SSL模塊後解決。您可以在java here中找到默認支持的芯片組套件。