1. 首頁
  2. 問答
  3. Akka Http HTTPS配置導致Chrome返回ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Akka Http HTTPS配置導致Chrome返回ERR_SSL_VERSION_OR_CIPHER_MISMATCH

2016-03-26 26 views
0

我正在嘗試使用自簽名證書在我的akka​​-http服務器(localhost)上獲得安全連接。我沒有成功。Akka Http HTTPS配置導致Chrome返回ERR_SSL_VERSION_OR_CIPHER_MISMATCH

ssl上的Akka-http文檔有點含糊。我試圖收集來自各地的信息,但仍無法讓這個工作。

我創建了一個SSL特質象下面這樣: 

trait MySslConfiguration { 

    def serverContext: HttpsContext = { 
    val password = "password".toCharArray 
    val context = SSLContext.getInstance("TLSv1.2") 
    val keyStore = KeyStore.getInstance("jks") 
    val keyStoreResource = "/scruples_keystore.jks" 
    val keyManagerFactory = KeyManagerFactory.getInstance("SunX509") 
    val trustManagerFactory = TrustManagerFactory.getInstance("SunX509") 
    keyStore.load(getClass.getClassLoader.getResourceAsStream(keyStoreResource), password) 
    keyManagerFactory.init(keyStore, password) 
    trustManagerFactory.init(keyStore) 
    context.init(keyManagerFactory.getKeyManagers, trustManagerFactory.getManagers, new SecureRandom()) 
    val sslParams = context.getDefaultSSLParameters 
    sslParams.setEndpointIdentificationAlgorithm("HTTPS") 
    HttpsContext(sslContext = context 
    sslParameters = Some(sslParams), 
    enabledProtocols = Some(List("TLSv1.2", "TLSv1.1", "TLSv1"))) 
    } 

}

我的特點添加到我的服務器啓動像這樣: 

object Main extends App with Core with RestInterface with MySslConfiguration { 
    val metricRegistry = new com.codahale.metrics.MetricRegistry() 
    override implicit val injector = GlobalInjector.getInjector 
    override implicit val system: ActorSystem = injector.instance[ActorSystem] 

    override def config: Config = injector.instance[Config] 

    override implicit def executor: ExecutionContextExecutor = system.dispatcher 

    override val logger: LoggingAdapter = Logging(system, getClass) 
    override implicit val materializer: Materializer = ActorMaterializer() 


    val routes = allRoutes 

    Http().bindAndHandle(routes, config.getString("http.host"), config.getInt("http.port"), httpsContext = Some(serverContext))

自簽署JKS密鑰庫的創建如下:

keytool -genkey -keyalg RSA -keysize 2048 -keystore scruples_keystore.jks -alias myalias

有人可以幫忙嗎?

我在做什麼錯了?我確信有一個配置問題,但似乎無法弄清楚。

另一個問題是,如果我使用來自CA的適當證書,會發生什麼變化?

非常感謝

來源

2016-03-26 fintis

+0

Akka Http使用ssl-config庫,它有自己的大量文檔:http://typesafehub.github.io/ssl- config /(它是從Play-WS中提取的,並作爲獨立庫被提取,現在也被Akka-Http使用)。另請參閱項目https://github.com/typesafehub/ssl-config –

+0

感謝您指引我朝着正確的方向發展。我已經按照上面發佈的文檔中所述的方式添加了配置,但仍然無法使其工作。您可以發佈自簽名證書的示例代碼/配置嗎?我是否創建配置並調用'SSLContext.getDefault',以便在啓動服務器時在綁定方法中配置'HTTPContext'?我甚至嘗試設置'ssl-config-ssl.default = true',但仍然沒有讓服務器響應https請求 – fintis

回答

0

它使原來,指定密鑰存儲位置爲val keyStoreResource = "/scruples_keystore.jks"是問題。指定密鑰存儲位置爲val keyStoreResource = "scruples_keystore"做了訣竅,並且與全世界一切都很好...

來源

2016-03-26 22:16:26 fintis

相關問題

 相關問題