JDK:
Java(TM)SE运行时环境(版本1.7.0_05-b05)
我通过HTTPS从REST Web服务获取数据,现在已经很好了.
我在周末升级到Ubuntu 12.04(从11.10开始) – 现在这个失败了.我只能假设在那段时间我的JVM中发生了一些变化.我以前认为我在Java 7上,所以我很困惑.
无论哪种方式失败的代码是Net :: HTTP.start部分:
require "net/http"
Net::HTTP.start(uri.host, :use_ssl => true, :ca_path => "/etc/ssl/certs") do |http|
#...
end
错误是:
OpenSSL::SSL::SSLError: Certificates does not conform to algorithm constraints
from org/jruby/ext/openssl/SSLSocket.java:180:in `connect'
from /opt/jruby/active/lib/ruby/1.9/net/http.rb:799:in `connect'
from org/jruby/ext/timeout/Timeout.java:103:in `timeout'
from /opt/jruby/active/lib/ruby/1.9/net/http.rb:799:in `connect'
from /opt/jruby/active/lib/ruby/1.9/net/http.rb:755:in `do_start'
from /opt/jruby/active/lib/ruby/1.9/net/http.rb:744:in `start'
from /opt/jruby/active/lib/ruby/1.9/net/http.rb:557:in `start'
任何帮助,将不胜感激.
编辑:
我刚刚在Java 6上测试了它,它运行正常.
我想知道它是否与:https://forums.oracle.com/forums/thread.jspa?threadID=2405379有关
最佳答案 找到这里概述的解决方案:
http://sim.ivi.co/2011/07/java-se-7-release-security-enhancements.html
精简版:
进入java_home / jre / lib / security / java.security
并改变
jdk.certpath.disabledAlgorithms=MD2
至
jdk.certpath.disabledAlgorithms=
但是,请注意,这会重新启用MD2哈希,这已被证明不安全.
看到:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
