问题描述
cloudstack-agent突然连不上管理端,查看错误日志如下
2022-11-10 00:01:50,593 ERROR [utils.nio.NioConnection] (main:null) (logid:) Unable to initialize the threads.
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
INFO [utils.nio.NioClient] (main:null) (logid:) Connecting to 20.12.11.101:8250
2022-11-10 00:01:55,598 ERROR [utils.nio.NioConnection] (main:null) (logid:) Unable to initialize the threads.
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171)
at sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
at sun.security.ssl.TransportContext.kickstart(TransportContext.java:220)
at sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:97)
at com.cloud.utils.nio.NioClient.init(NioClient.java:63)
at com.cloud.utils.nio.NioConnection.start(NioConnection.java:88)
at com.cloud.agent.Agent.start(Agent.java:237)
at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:399)
at com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShell.java:367)
at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:351)
at com.cloud.agent.AgentShell.start(AgentShell.java:456)
agent连接报错
解决,
找到客户端java安全文件,然后修改security/java.security文件配置中的disabledAlgorithms,删除SSLv3, TLSv1, TLSv1.1,然后重新启动cloudstack-agent后正常
root@agent:~# whereis java
java: /usr/bin/java /usr/share/java /usr/share/man/man1/java.1.gz
root@agent:~# ls -lrt /usr/bin/java
lrwxrwxrwx 1 root root 22 Jan 21 2022 /usr/bin/java -> /etc/alternatives/java
root@agent:~# ls -lrt /etc/alternatives/java
lrwxrwxrwx 1 root root 46 Jan 21 2022 /etc/alternatives/java -> /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
root@agent:~# cd /usr/lib/jvm/java-8-openjdk-amd64/jre/
root@agent:/usr/lib/jvm/java-8-openjdk-amd64/jre# ls
ASSEMBLY_EXCEPTION bin lib man THIRD_PARTY_README
root@agent:/usr/lib/jvm/java-8-openjdk-amd64/jre# cd lib/
root@agent:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib# ls
amd64 content-types.properties images jfr.jar management-agent.jar resources.jar tzdb.dat
calendars.properties currency.data jar.binfmt jsse.jar meta-index rt.jar
charsets.jar ext jce.jar jvm.hprof.txt net.properties security
classlist flavormap.properties jexec logging.properties psfontj2d.properties sound.properties
cmm hijrah-config-umalqura.properties jfr management psfont.properties.ja swing.properties
root@agent:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib# cat security/
blacklisted.certs cacerts java.policy java.security java.security.bak nss.cfg policy/
root@agent:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib# cat security/java.security|grep disabledAlgorithms
# in the jdk.[tls|certpath|jar].disabledAlgorithms properties. To include this
# list in any of the disabledAlgorithms properties, add the property name as
# can be included in the disabledAlgorithms properties. These properties are
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and
# "jdk.jar.disabledAlgorithms" security properties.
# See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
# This is in addition to the jdk.certpath.disabledAlgorithms property above.
# See the specification of "jdk.certpath.disabledAlgorithms" for the
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=RC4, DES, MD5withRSA, \
# See the specification of security property "jdk.certpath.disabledAlgorithms"
# certificates such as jdk.tls.disabledAlgorithms or
# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
参考
(59条消息) Java调用ssl出现异常:javax.net.ssl.SSLHandshakeException: No appropriate protocol_程序员星空的博客-CSDN博客_javax.net.ssl.sslhandshakeexception
(59条消息) javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher su 解决办法_PPX、小布的博客-CSDN博客
