无法调用TLS_RSA_WITH_AES_256_CBC_SHA256 5C

已经使用了jce_policy-8覆盖jdk1.8安全限制文件,可还是无法调用TLS1.2,请问大家什么原因?图片说明

2个回答

ye931732116
疯狂的小叶子 看清我的提问了吗?看清我做的步骤了吗
2 年多之前 回复

用最新的MQjar包,老版本MQjar包不支持tls1.2

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
其他相关推荐
Go get的TLS问题

<div class="post-text" itemprop="text"> <p>I'm trying to install etcctl from github. (P.S I don't know golang)</p> <p><code>git config --global http.sslVerify false go get github.com/coreos/etcd/etcdctl </code></p> <p>But I'm hitting the following. <code> github.com/coreos/etcd/vendor/go.uber.org/zap /root/projects/src/src/github.com/coreos/etcd/vendor/go.uber.org/zap/field.go:33: syntax error: unexpected = in type declaration github.com/coreos/etcd/pkg/tlsutil /root/projects/src/src/github.com/coreos/etcd/pkg/tlsutil/cipher_suites.go:26: undefined: tls.TLS_RSA_WITH_AES_128_CBC_SHA256 /root/projects/src/src/github.com/coreos/etcd/pkg/tlsutil/cipher_suites.go:36: undefined: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 /root/projects/src/src/github.com/coreos/etcd/pkg/tlsutil/cipher_suites.go:37: undefined: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 /root/projects/src/src/github.com/coreos/etcd/pkg/tlsutil/cipher_suites.go:42: undefined: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 /root/projects/src/src/github.com/coreos/etcd/pkg/tlsutil/cipher_suites.go:43: undefined: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 </code></p> </div>

Tomcat配置ssl证书,https 可以用ip访问,但是会提示危险,不能用域名访问

![图片说明](https://img-ask.csdn.net/upload/202003/07/1583581576_335405.png) ![图片说明](https://img-ask.csdn.net/upload/202003/07/1583581635_379035.png) web.xml配置好了,如下 ``` <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="cert/domain.pfx" keystoreType="PKCS12" keystorePass="9La5wA0w" clientAuth="false" SSLProtocol="SSL" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,、 TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256"/> ``` 请问怎么才能用https+域名访问呢?证书是在阿里云上申请的有效期一年的证书。

HttpClient如何指定CipherSuites

代码如下: HttpClient httpclient = new DefaultHttpClient(); SSLContext ctx = SSLContext.getInstance("TLS"); X509TrustManager tm = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { } public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return null; } }; ctx.init(null, new TrustManager[]{tm},null ); System.out.println("缺省安全套接字使用的协议: " + ctx.getProtocol()); // 获取SSLContext实例相关的SSLEngine SSLEngine en = ctx.createSSLEngine(); System.out .println("支持的协议: " + Arrays.asList(en.getSupportedProtocols())); System.out.println("启用的协议: " + Arrays.asList(en.getEnabledProtocols())); System.out.println("支持的加密套件: " + Arrays.asList(en.getSupportedCipherSuites())); System.out.println("启用的加密套件: " + Arrays.asList(en.getEnabledCipherSuites())); 本机运行结果: 缺省安全套接字使用的协议: TLS 支持的协议: [SSLv2Hello, SSLv3, TLSv1] 启用的协议: [SSLv2Hello, SSLv3, TLSv1] 支持的加密套件: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_NULL_SHA, SSL_DH_anon_WITH_RC4_128_MD5, TLS_DH_anon_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5] 启用的加密套件: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] 这里如何指定启用的加密套件为TLS_RSA_WITH_AES_128_CBC_SHA,而不是默认的SSL_RSA_WITH_RC4_128_MD5

阿里云服务器ssl证书配置的问题

我按照阿里云提供的教程安装并配置了ssl证书,但是始终无法用https访问,http访问没问题,下面是各个端口的配置: <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" /> <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" scheme="https" secure="true" keystoreFile="C:\mysoft\apache-tomcat-8.0.38\apache-tomcat-8.0.38\conf\cert\214217316210179.pfx" keystoreType="PKCS12" keystorePass="214217316210179" clientAuth="false" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" /> 求大佬救急!!!

tomcat中http与https请求混用。

在web应用中启用了https配置。其中在server.xml中配置了80端口转443端口的配置,也在web.xml中进行https强制转换,具体见: <login-config> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> server中的配置为: <Connector connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="443"/> <Connector SSLEnabled="true" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" clientAuth="false" keystoreFile="xxxx" keystorePass="xxxx" maxThreads="150" port="443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS" truststoreFile="xxxx" truststorePass="xxxx"/> 现在要求:在https请求中,混用http请求,该如何配置。

Golang:给定常量值的名称

<div class="post-text" itemprop="text"> <p>How do you get the name of a constant given its value ?</p> <p>More specifically (and to get a more readable understanding), I'm working with the <code>crypto/tls</code> package. Cipher suites are defined as constants:</p> <pre><code>const ( TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014 ) </code></pre> <p>After a successful handshake with a server, I can get to the Ciphersuite agreed on through the connection:</p> <pre><code>c, _ := tls.Dial("tcp", "somedomain.com:443", nil) // Suppose everything went right // This is the Ciphersuite for the conn: cipher := c.ConnectionState().Ciphersuite </code></pre> <p><code>cipher</code> here is an uint16. Is there a way to display it as a string, for instance <code>TLS_RSA_WITH_3DES_EDE_CBC_SHA</code> if that's what was agreed upon ?</p> </div>

golang tls.Config CiperSuites不限制客户端身份验证

<div class="post-text" itemprop="text"> <p>my tls.Config is set to not use ECDHE exchange so i can monitor my traffic in wireshark without having to get the client's keys.</p> <pre><code> config = &amp;tls.Config{ Certificates: []tls.Certificate{cpair}, MinVersion: tls.VersionTLS12, PreferServerCipherSuites: true, ClientAuth: tls.NoClientCert, CipherSuites: []uint16{tls.TLS_RSA_WITH_AES_256_CBC_SHA, tls.TLS_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, }, } </code></pre> <p>however, when analyzing the traffic in wireshark, i still see the connection being made with a ECDHE ciper suiete:</p> <pre><code> 62 ssl_decrypt_pre_master_secret: session uses Diffie-Hellman key exchange (cipher suite 0xC014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) and cannot be decrypted using a RSA private key file. </code></pre> </div>

android4.4版本访问alexa出现Unable to find acceptable protocols

java.net.UnknownServiceException: Unable to find acceptable protocols. isFallback=false, modes=[ConnectionSpec(cipherSuites=[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384], tlsVersions=[TLS_1_2], supportsTlsExtensions=true)], supported protocols=[TLSv1.2] 5.0以上的版本就没有问题 请问缺少的协议可以安装或者添加吗? 或者有其他方法解决这个问题吗? 系统也是可以修改的

c#用httpwebrequest如何模拟抓取这样的网页信息

c#用httpwebrequest如何模拟抓取这样的网页信息,下面内容是用fiddler抓取的。 CONNECT user.cloudcall.hk:8080 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1) AppleWebKit Host: user.cloudcall.hk:8080 Content-Length: 0 Connection: Keep-Alive Pragma: no-cache A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below. Version: 3.1 (TLS/1.0) Random: 52 79 06 13 A5 00 6B A2 19 9E 99 D6 BA E3 7E 93 BD 8B A1 26 18 3A 21 E7 F0 31 4C 4F 58 4A 41 73 SessionID: empty Extensions: renegotiation_info 00 server_name user.cloudcall.hk status_request 01 00 00 00 00 elliptic_curves 00 04 00 17 00 18 ec_point_formats 01 00 Ciphers: [002F] TLS_RSA_AES_128_SHA [0035] TLS_RSA_AES_256_SHA [0005] SSL_RSA_WITH_RC4_128_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [0032] TLS_DHE_DSS_WITH_AES_128_SHA [0038] TLS_DHE_DSS_WITH_AES_256_SHA [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA [0004] SSL_RSA_WITH_RC4_128_MD5 Compression: [00] NO_COMPRESSION

尝试使用Java连接https服务器时抛出SSLHandshakeException

<div class="post-text" itemprop="text"> <p>I tried to retrieve data from "<a href="https://api.softtouch.eu/#/xxxxxxxx/#/customers?take=100" rel="nofollow">https://api.softtouch.eu/#/xxxxxxxx/#/customers?take=100</a>" using Java. </p> <p>Also I tried to fix the problem with https using following options:-</p> <ol> <li><p>Added certificate (.pem extension file) to the keystore ($JAVA_HOME/jre/lib/security/cacerts) using Java keytool</p></li> <li><p>Added certificate authority to Ubuntu (/usr/local/share/ca-certificates) using update-ca-certificates command.</p></li> <li><p>Finally tried to disable the certificate validation and connect to the server. (SoftTouchConnection class and custom TrustAllX509TrustManager class here.)</p> <pre><code>package com.softtouch.com; import java.io.BufferedReader; import java.io.InputStreamReader; import java.net.URL; import java.security.Security; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import org.apache.commons.codec.binary.Base64; public class SoftTouchConnection { public static void main(String[] args) { try { System.out.println(System.getProperty("java.version")); System.setProperty("javax.net.debug", "ssl"); System.setProperty("sun.net.ssl.checkRevocation", "false"); java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true"); Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); SSLContext sc = SSLContext.getInstance("SSL");//TLSv1.2 sc.init(null, new TrustManager[] {new TrustAllX509TrustManager() }, null);//new java.security.SecureRandom() HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String string, SSLSession ssls) { System.out.println("test HttpsURLConnection"); return true; } }); String userCredentialsnew = "abcdefghij01234567890klmnopqrstuvwxyz987";//"bearer abcdefghij01234567890klmnopqrstuvwxyz987"; String basicAuth = "Basic "+ new String(new Base64().encode(userCredentialsnew.getBytes()));; //+ new String(new Base64().encode(userCredentials.getBytes())); URL hh= new URL("https://api.softtouch.eu/#/xxxxxxxx/#/customers?take=100"); HttpsURLConnection conn = (HttpsURLConnection)hh.openConnection(); conn.setSSLSocketFactory(sc.getSocketFactory()); conn.setHostnameVerifier( new HostnameVerifier() { @Override public boolean verify(String string, SSLSession ssls) { System.out.println("test conn"); return true; } }); conn.setDoInput(true); conn.setDoOutput(false); conn.setUseCaches(false); conn.setRequestMethod("GET"); conn.setRequestProperty ("Authorization", basicAuth); conn.connect(); BufferedReader inn = new BufferedReader(new InputStreamReader(conn.getInputStream())); String inputLine; while ((inputLine = inn.readLine()) != null) { System.out.println(inputLine); } } catch (Exception e) { e.printStackTrace(); } } } package com.softtouch.com; import javax.net.ssl.X509TrustManager; import java.security.cert.X509Certificate; public class TrustAllX509TrustManager implements X509TrustManager { public X509Certificate[] getAcceptedIssuers() { System.out.println("test1"); //return new X509Certificate[0]; return null; } public void checkClientTrusted(java.security.cert.X509Certificate[] certs,String authType) { System.out.println("test2"); } public void checkServerTrusted(java.security.cert.X509Certificate[] certs,String authType) { System.out.println("test3"); } } </code></pre></li> </ol> <p>But so far I could not solve the problem. I received the"javax.net.ssl.SSLHandshakeException". I want connect to the server using Java. <strong>What will be the reason for this issue?</strong></p> <p>Note:- I tested "<a href="https://api.softtouch.eu/#/accounts/#/xxxxxxxx?take=100" rel="nofollow">https://api.softtouch.eu/#/accounts/#/xxxxxxxx?take=100</a>" connection with PHP. It is working well. But PHP source file has used following line to disable the SSL verification. curl_setopt($httpRequest, CURLOPT_SSL_VERIFYPEER, FALSE);</p> <p>This is the SSL debug text:- *** ClientHello, TLSv1.2 RandomCookie: GMT: 1425473345 bytes = { 113, 222, 27, 25, 227, 136, 38, 249, 128, 230, 125, 228, 156, 5, 175, 99, 22, 55, 227, 185, 101, 32, 160, 186, 72, 167, 247, 166 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA</p> <hr> <p>main, WRITE: TLSv1.2 Handshake, length = 195 main, READ: TLSv1.2 Alert, length = 2 main, RECV TLSv1.2 ALERT: fatal, handshake_failure main, called closeSocket()</p> </div>

SSL:No appropriate protocol(protocol is

**急!!使用的JDK版本是1.8,使用代码查看是支持tls1.2加密方式的,但是现在使用TLS_RSA_WITH_AES_256_CBC_SHA256就报No appropriate protocol而使用TLS_RSA_WITH_AES_256_CBC_SHA可以连接成功,想请教下大神问题出在哪里啊?![错误信息](https://img-ask.csdn.net/upload/201712/15/1513327357_489402.png)![测试代码](https://img-ask.csdn.net/upload/201712/15/1513327409_963696.png)

wpa_supplicant编译时出现 undefined reference to `sha256_vector'

CC ../src/drivers/drivers.c CC ../src/l2_packet/l2_packet_linux.c ../src/wps/wps_common.o: In function `wps_derive_keys': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/wps/wps_common.c:101: undefined reference to `sha256_vector' ../src/wps/wps_enrollee.o: In function `wps_process_pubkey': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/wps/wps_enrollee.c:519: undefined reference to `sha256_vector' ../src/crypto/tls_openssl.o: In function `openssl_tls_cert_event': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/crypto/tls_openssl.c:1346: undefined reference to `sha256_vector' ../src/crypto/tls_openssl.o: In function `tls_verify_cb': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/crypto/tls_openssl.c:1421: undefined reference to `sha256_vector' ../src/crypto/crypto_openssl.o: In function `crypto_hash_init': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/crypto/crypto_openssl.c:620: undefined reference to `EVP_sha256' ../src/crypto/crypto_openssl.o: In function `hmac_sha256_vector': /home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant/../src/crypto/crypto_openssl.c:754: undefined reference to `EVP_sha256' collect2: error: ld returned 1 exit status make: *** [wpa_supplicant] Error 1 root@atheros:/home/atheros/Atheros-P2P/wpa_supplicant-2.1/wpa_supplicant#

将curl转换为GOlang代码

<div class="post-text" itemprop="text"> <p>I am a GO newbie. I am trying to convert a curl command to GOlang. </p> <pre><code>curl --cacert "pki/ca.crt" \ -H "Authorization: Bearer my_bearer_token" \ --insecure \ --max-time 5 --fail --output /dev/null --silent \ "https://myserver/status"; do </code></pre> <p>This is what I have got:</p> <pre><code>mTLSConfig := &amp;tls.Config { CipherSuites: []uint16 { tls.TLS_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, }, InsecureSkipVerify: true, // --insecure } mTLSConfig.PreferServerCipherSuites = true mTLSConfig.MinVersion = tls.VersionTLS10 mTLSConfig.MaxVersion = tls.VersionTLS10 certs := x509.NewCertPool() certs.AppendCertsFromPEM([]byte(caCert)) mTLSConfig.RootCAs = certs tr := &amp;http.Transport{ TLSClientConfig: mTLSConfig, } client := &amp;http.Client{Transport: tr} req, _ := http.NewRequest("GET", "https://myserver/status", nil) req.Header.Set("Authorization", fmt.Sprintf("Bearer my_bearer_token")) resp, err := client.Do(req) glog.V(4).Info(resp, err) if err != nil { return true } return false </code></pre> <p>Am I doing it right?</p> </div>

Golang:如何在HTTP客户端的TLS配置中指定证书

<div class="post-text" itemprop="text"> <p>I have a cert file, that location is: <code>/usr/abc/my.crt</code> and I want to use that cert for my tls config, so that my http client uses that certificate when communicate with other servers. My current code is as follows:</p> <pre><code>mTLSConfig := &amp;tls.Config { CipherSuites: []uint16 { tls.TLS_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, } } mTLSConfig.PreferServerCipherSuites = true mTLSConfig.MinVersion = tls.VersionTLS10 mTLSConfig.MaxVersion = tls.VersionTLS10 tr := &amp;http.Transport{ TLSClientConfig: mTLSConfig, } c := &amp;http.Client{Transport: tr} </code></pre> <p>So how to assign a certificate in my TLS config? I see the certificate settings at <a href="http://golang.org/pkg/crypto/tls/#Config">http://golang.org/pkg/crypto/tls/#Config</a> can someone suggest how to config my cert location there?</p> <p><code>mTLSConfig.Config{Certificates: []tls.Certificate{'/usr/abc/my.crt'}}</code> &lt;-- is wrong because I am passing string.right? I DON'T have ANY other files such as .pem or .key etc, just only this my.cert. I am blank how to do it?</p> <p>Earlier, I had edited the go source code <a href="http://golang.org/src/pkg/crypto/x509/root_unix.go">http://golang.org/src/pkg/crypto/x509/root_unix.go</a> and added <code>/usr/abc/my.crt</code> after line no. 12 and it worked. But the problem is my certificate file location can change, so I have removed the hardcoded line from root_unix.go and trying to pass it dynamically, when building TLSConfig.</p> </div>

如何通过HTTPS提供静态文件

<div class="post-text" itemprop="text"> <p>I have been scratching my head for way too long with this one - my issue is rather trivial however I cannot really figure it out myself: how does one serve static files over HTTPS in Go?</p> <p>So far I have tried using both <code>HTTP.ServeFile</code> and <code>mux.Handle</code> with no particular success whatsoever.</p> <pre><code>func main() { mux := http.NewServeMux() mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains") http.ServeFile(w, req, "./static") }) cfg := &amp;tls.Config{ MinVersion: tls.VersionTLS12, CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256}, PreferServerCipherSuites: true, CipherSuites: []uint16{ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, tls.TLS_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_RSA_WITH_AES_256_CBC_SHA, }, } srv := &amp;http.Server{ Addr: ":8080", Handler: mux, TLSConfig: cfg, TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0), } log.Fatal(srv.ListenAndServeTLS("./server.rsa.crt", "./server.rsa.key")) } </code></pre> <p>Any help is appreciated, thanks!</p> </div>

SSL例程:tls_process_server_certificate:证书验证失败无法启用加密

<div class="post-text" itemprop="text"> <p>When I try install to composer on my system, it always gives me this error </p> <pre><code> The "https://getcomposer.org/versions" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed Failed to enable crypto failed to open stream: operation failed </code></pre> <p>I used the php -r 'print_r(openssl_get_cert_locations());' command to see the php default cert locations and the result is below: </p> <pre><code> Array ( [default_cert_file] =&gt; C:\usr\local\ssl/cert.pem [default_cert_file_env] =&gt; SSL_CERT_FILE [default_cert_dir] =&gt; C:\usr\local\ssl/certs [default_cert_dir_env] =&gt; SSL_CERT_DIR [default_private_dir] =&gt; C:\usr\local\ssl/private [default_default_cert_area] =&gt; C:\usr\local\ssl [ini_cafile] =&gt; C:\xampp\apache\cert.pem [ini_capath] =&gt; ) </code></pre> <p>C:\usr\local\ssl/cert.pem does not exist so I then downloaded an ssl cert from <a href="http://curl.haxx.se/ca/cacert.pem" rel="nofollow noreferrer">http://curl.haxx.se/ca/cacert.pem</a> and manually created the C:\usr\local\ssl/cert.pem but still no success. I really need a solution as I'm out of options or is there a way I can bypass the ssl cert validation. </p> </div>

tomcat启用https后不解析jsp

项目部署在服务器后是apache+tomcat部署的,一旦启用https ssl就不解析jsp了,关掉就又解析jsp了!大佬帮我看一下这个是怎么了! server.xml ``` <Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener" /> <Listener className="org.apache.catalina.core.JasperListener" /> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> <GlobalNamingResources> <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase" /> </GlobalNamingResources> <Service name="Catalina"> <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" /> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> <Connector port="443" protocol="org.apache.coyote.http1.1.Http11Protocol" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/www/server/tomcat/cert/214362308490897.pfx" keystoreType="PKCS12" keystorePass="214362308490897" clientAuth="false" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/> <Engine defaultHost="localhost" name="Catalina"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" /> </Realm> <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log." suffix=".txt" /> </Host> <Host appBase="/www/wwwroot/yananhuazai.cn" autoDeploy="true" name="yananhuazai.cn" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false"> <Context crossContext="true" docBase="/www/wwwroot/yananhuazai.cn" path="" reloadable="true" /> </Host> </Engine> </Service> </Server> ``` 是项目打成war包放进去的! ![图片说明](https://img-ask.csdn.net/upload/201712/02/1512179045_57924.png)

64位下TLS函数怎么声明?

今天写了一个TLS测试,在32位下通过,64位下不成功,所以64位下该怎么写TLS回调函数呢?代码如下: ``` #pragma comment(linker,"/INCLUDE:__tls_used") void NTAPI MY_TLS_CALLBACK(PVOID DllHandle, DWORD Reason, PVOID Reserved); //TLS回调函数测试 void NTAPI MY_TLS_CALLBACK(PVOID DllHandle, DWORD Reason, PVOID Reserved) { if (Reason == DLL_PROCESS_ATTACH) { MessageBox(NULL, L"TLSTest!", NULL, MB_OK); } } #pragma data_seg(".CRT$XLX") PIMAGE_TLS_CALLBACK pTLS_CALLBACKs[] = { MY_TLS_CALLBACK,0 }; #pragma data_seg() ``` 报错:dllmain.obj : error LNK2001: 无法解析的外部符号 __tls_used

大学四年自学走来,这些私藏的实用工具/学习网站我贡献出来了

大学四年,看课本是不可能一直看课本的了,对于学习,特别是自学,善于搜索网上的一些资源来辅助,还是非常有必要的,下面我就把这几年私藏的各种资源,网站贡献出来给你们。主要有:电子书搜索、实用工具、在线视频学习网站、非视频学习网站、软件下载、面试/求职必备网站。 注意:文中提到的所有资源,文末我都给你整理好了,你们只管拿去,如果觉得不错,转发、分享就是最大的支持了。 一、电子书搜索 对于大部分程序员...

在中国程序员是青春饭吗?

今年,我也32了 ,为了不给大家误导,咨询了猎头、圈内好友,以及年过35岁的几位老程序员……舍了老脸去揭人家伤疤……希望能给大家以帮助,记得帮我点赞哦。 目录: 你以为的人生 一次又一次的伤害 猎头界的真相 如何应对互联网行业的「中年危机」 一、你以为的人生 刚入行时,拿着傲人的工资,想着好好干,以为我们的人生是这样的: 等真到了那一天,你会发现,你的人生很可能是这样的: ...

Java基础知识面试题(2020最新版)

文章目录Java概述何为编程什么是Javajdk1.5之后的三大版本JVM、JRE和JDK的关系什么是跨平台性?原理是什么Java语言有哪些特点什么是字节码?采用字节码的最大好处是什么什么是Java程序的主类?应用程序和小程序的主类有何不同?Java应用程序与小程序之间有那些差别?Java和C++的区别Oracle JDK 和 OpenJDK 的对比基础语法数据类型Java有哪些数据类型switc...

我以为我学懂了数据结构,直到看了这个导图才发现,我错了

数据结构与算法思维导图

技术大佬:我去,你写的 switch 语句也太老土了吧

昨天早上通过远程的方式 review 了两名新来同事的代码,大部分代码都写得很漂亮,严谨的同时注释也很到位,这令我非常满意。但当我看到他们当中有一个人写的 switch 语句时,还是忍不住破口大骂:“我擦,小王,你丫写的 switch 语句也太老土了吧!” 来看看小王写的代码吧,看完不要骂我装逼啊。 private static String createPlayer(PlayerTypes p...

和黑客斗争的 6 天!

互联网公司工作,很难避免不和黑客们打交道,我呆过的两家互联网公司,几乎每月每天每分钟都有黑客在公司网站上扫描。有的是寻找 Sql 注入的缺口,有的是寻找线上服务器可能存在的漏洞,大部分都...

Linux 会成为主流桌面操作系统吗?

整理 |屠敏出品 | CSDN(ID:CSDNnews)2020 年 1 月 14 日,微软正式停止了 Windows 7 系统的扩展支持,这意味着服役十年的 Windows 7,属于...

讲一个程序员如何副业月赚三万的真实故事

loonggg读完需要3分钟速读仅需 1 分钟大家好,我是你们的校长。我之前讲过,这年头,只要肯动脑,肯行动,程序员凭借自己的技术,赚钱的方式还是有很多种的。仅仅靠在公司出卖自己的劳动时...

学习总结之HTML5剑指前端(建议收藏,图文并茂)

前言学习《HTML5与CSS3权威指南》这本书很不错,学完之后我颇有感触,觉得web的世界开明了许多。这本书是需要有一定基础的web前端开发工程师。这本书主要学习HTML5和css3,看...

女程序员,为什么比男程序员少???

昨天看到一档综艺节目,讨论了两个话题:(1)中国学生的数学成绩,平均下来看,会比国外好?为什么?(2)男生的数学成绩,平均下来看,会比女生好?为什么?同时,我又联想到了一个技术圈经常讨...

搜狗输入法也在挑战国人的智商!

故事总是一个接着一个到来...上周写完《鲁大师已经彻底沦为一款垃圾流氓软件!》这篇文章之后,鲁大师的市场工作人员就找到了我,希望把这篇文章删除掉。经过一番沟通我先把这篇文章从公号中删除了...

副业收入是我做程序媛的3倍,工作外的B面人生是怎样的?

提到“程序员”,多数人脑海里首先想到的大约是:为人木讷、薪水超高、工作枯燥…… 然而,当离开工作岗位,撕去层层标签,脱下“程序员”这身外套,有的人生动又有趣,马上展现出了完全不同的A/B面人生! 不论是简单的爱好,还是正经的副业,他们都干得同样出色。偶尔,还能和程序员的特质结合,产生奇妙的“化学反应”。 @Charlotte:平日素颜示人,周末美妆博主 大家都以为程序媛也个个不修边幅,但我们也许...

MySQL数据库面试题(2020最新版)

文章目录数据库基础知识为什么要使用数据库什么是SQL?什么是MySQL?数据库三大范式是什么mysql有关权限的表都有哪几个MySQL的binlog有有几种录入格式?分别有什么区别?数据类型mysql有哪些数据类型引擎MySQL存储引擎MyISAM与InnoDB区别MyISAM索引与InnoDB索引的区别?InnoDB引擎的4大特性存储引擎选择索引什么是索引?索引有哪些优缺点?索引使用场景(重点)...

新一代神器STM32CubeMonitor介绍、下载、安装和使用教程

关注、星标公众号,不错过精彩内容作者:黄工公众号:strongerHuang最近ST官网悄悄新上线了一款比较强大的工具:STM32CubeMonitor V1.0.0。经过我研究和使用之...

记一次腾讯面试,我挂在了最熟悉不过的队列上……

腾讯后台面试,面试官问:如何自己实现队列?

如果你是老板,你会不会踢了这样的员工?

有个好朋友ZS,是技术总监,昨天问我:“有一个老下属,跟了我很多年,做事勤勤恳恳,主动性也很好。但随着公司的发展,他的进步速度,跟不上团队的步伐了,有点...

我入职阿里后,才知道原来简历这么写

私下里,有不少读者问我:“二哥,如何才能写出一份专业的技术简历呢?我总感觉自己写的简历太烂了,所以投了无数份,都石沉大海了。”说实话,我自己好多年没有写过简历了,但我认识的一个同行,他在阿里,给我说了一些他当年写简历的方法论,我感觉太牛逼了,实在是忍不住,就分享了出来,希望能够帮助到你。 01、简历的本质 作为简历的撰写者,你必须要搞清楚一点,简历的本质是什么,它就是为了来销售你的价值主张的。往深...

冒泡排序动画(基于python pygame实现)

本项目效果初始截图如下 动画见本人b站投稿:https://www.bilibili.com/video/av95491382 本项目对应github地址:https://github.com/BigShuang python版本:3.6,pygame版本:1.9.3。(python版本一致应该就没什么问题) 样例gif如下 ======================= 大爽歌作,mad

Redis核心原理与应用实践

Redis核心原理与应用实践 在很多场景下都会使用Redis,但是到了深层次的时候就了解的不是那么深刻,以至于在面试的时候经常会遇到卡壳的现象,学习知识要做到系统和深入,不要把Redis想象的过于复杂,和Mysql一样,是个读取数据的软件。 有一个理解是Redis是key value缓存服务器,更多的优点在于对value的操作更加丰富。 安装 yum install redis #yum安装 b...

现代的 “Hello, World”,可不仅仅是几行代码而已

作者 |Charles R. Martin译者 | 弯月,责编 | 夕颜头图 |付费下载自视觉中国出品 | CSDN(ID:CSDNnews)新手...

带了6个月的徒弟当了面试官,而身为高级工程师的我天天修Bug......

即将毕业的应届毕业生一枚,现在只拿到了两家offer,但最近听到一些消息,其中一个offer,我这个组据说客户很少,很有可能整组被裁掉。 想问大家: 如果我刚入职这个组就被裁了怎么办呢? 大家都是什么时候知道自己要被裁了的? 面试软技能指导: BQ/Project/Resume 试听内容: 除了刷题,还有哪些技能是拿到offer不可或缺的要素 如何提升面试软实力:简历, 行为面试,沟通能...

!大部分程序员只会写3年代码

如果世界上都是这种不思进取的软件公司,那别说大部分程序员只会写 3 年代码,恐怕就没有程序员这种职业。

离职半年了,老东家又发 offer,回不回?

有小伙伴问松哥这个问题,他在上海某公司,在离职了几个月后,前公司的领导联系到他,希望他能够返聘回去,他很纠结要不要回去? 俗话说好马不吃回头草,但是这个小伙伴既然感到纠结了,我觉得至少说明了两个问题:1.曾经的公司还不错;2.现在的日子也不是很如意。否则应该就不会纠结了。 老实说,松哥之前也有过类似的经历,今天就来和小伙伴们聊聊回头草到底吃不吃。 首先一个基本观点,就是离职了也没必要和老东家弄的苦...

2020阿里全球数学大赛:3万名高手、4道题、2天2夜未交卷

阿里巴巴全球数学竞赛( Alibaba Global Mathematics Competition)由马云发起,由中国科学技术协会、阿里巴巴基金会、阿里巴巴达摩院共同举办。大赛不设报名门槛,全世界爱好数学的人都可参与,不论是否出身数学专业、是否投身数学研究。 2020年阿里巴巴达摩院邀请北京大学、剑桥大学、浙江大学等高校的顶尖数学教师组建了出题组。中科院院士、美国艺术与科学院院士、北京国际数学...

为什么你不想学习?只想玩?人是如何一步一步废掉的

不知道是不是只有我这样子,还是你们也有过类似的经历。 上学的时候总有很多光辉历史,学年名列前茅,或者单科目大佬,但是虽然慢慢地长大了,你开始懈怠了,开始废掉了。。。 什么?你说不知道具体的情况是怎么样的? 我来告诉你: 你常常潜意识里或者心理觉得,自己真正的生活或者奋斗还没有开始。总是幻想着自己还拥有大把时间,还有无限的可能,自己还能逆风翻盘,只不是自己还没开始罢了,自己以后肯定会变得特别厉害...

HTTP与HTTPS的区别

面试官问HTTP与HTTPS的区别,我这样回答让他竖起大拇指!

程序员毕业去大公司好还是小公司好?

虽然大公司并不是人人都能进,但我仍建议还未毕业的同学,尽力地通过校招向大公司挤,但凡挤进去,你这一生会容易很多。 大公司哪里好?没能进大公司怎么办?答案都在这里了,记得帮我点赞哦。 目录: 技术氛围 内部晋升与跳槽 啥也没学会,公司倒闭了? 不同的人脉圈,注定会有不同的结果 没能去大厂怎么办? 一、技术氛围 纵观整个程序员技术领域,哪个在行业有所名气的大牛,不是在大厂? 而且众所...

男生更看重女生的身材脸蛋,还是思想?

往往,我们看不进去大段大段的逻辑。深刻的哲理,往往短而精悍,一阵见血。问:产品经理挺漂亮的,有点心动,但不知道合不合得来。男生更看重女生的身材脸蛋,还是...

程序员为什么千万不要瞎努力?

本文作者用对比非常鲜明的两个开发团队的故事,讲解了敏捷开发之道 —— 如果你的团队缺乏统一标准的环境,那么即使勤劳努力,不仅会极其耗时而且成果甚微,使用...

为什么程序员做外包会被瞧不起?

二哥,有个事想询问下您的意见,您觉得应届生值得去外包吗?公司虽然挺大的,中xx,但待遇感觉挺低,马上要报到,挺纠结的。

面试阿里p7,被按在地上摩擦,鬼知道我经历了什么?

面试阿里p7被问到的问题(当时我只知道第一个):@Conditional是做什么的?@Conditional多个条件是什么逻辑关系?条件判断在什么时候执...

立即提问
相关内容推荐