本文将分享接收SSLHandshakeException:尽管我的客户端忽略了所有证书,但是handshake_failure的详细内容,此外,我们还将为大家带来关于3、javax.net.ssl.S
本文将分享接收SSLHandshakeException:尽管我的客户端忽略了所有证书,但是handshake_failure的详细内容,此外,我们还将为大家带来关于3、javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 错误、Android 11的javax.net.ssl.SSLHandshakeException、Java SSLHandshakeException:没有通用的密码套件、Java 收到致命警报:通过SSLHandshakeException的handshake_failure的相关知识,希望对你有所帮助。
本文目录一览:- 接收SSLHandshakeException:尽管我的客户端忽略了所有证书,但是handshake_failure
- 3、javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 错误
- Android 11的javax.net.ssl.SSLHandshakeException
- Java SSLHandshakeException:没有通用的密码套件
- Java 收到致命警报:通过SSLHandshakeException的handshake_failure
接收SSLHandshakeException:尽管我的客户端忽略了所有证书,但是handshake_failure
我有一个Java程序,该程序使用SSL /
TLS连接到Web服务器,并通过该连接发送各种HTTP请求。服务器是本地主机,并且正在使用自签名证书,但是我的代码正在使用自定义TrustManager,并且忽略无效的证书。到目前为止,它一直运行良好。
服务器上的唯一区别是它曾经运行过jboss
6,现在正在运行jboss7。我不确定这是否是配置问题,或者我的代码是否存在问题,但是如果出现以下错误,我会得到相同的错误我尝试使用其他基于Java的程序(例如WebScarab或ZAP)进行连接。
无论如何,我可以对我的代码做些什么来解决这个问题?这是完整的错误:
Received fatal alert: handshake_failurejavax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)这是失败之前的调试消息:
main, WRITE: TLSv1 Handshake, length = 75main, WRITE: SSLv2 client hello message, length = 101main, READ: TLSv1 Alert, length = 2main, RECV TLSv1 ALERT: fatal, handshake_failure答案1
小编典典所以我发现了问题。Java中可能存在一个错误,但是客户端似乎启动了TLSv1握手,但是随后发送了SSLv2客户端问候消息,此时服务器拒绝了连接。
即使使用TLS实例创建SSLContext,也会发生这种情况:
SSLContext sslContext = SSLContext.getInstance("TLS");解决方案是在尝试进行任何连接之前设置系统属性:
System.setProperty("https.protocols", "TLSv1");可能还有其他解决方案,但这对我有用。
3、javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 错误
使用Jmeter做测试的时候,出现 javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 错误,解决方式是修改java安装路径的文件: G:\Java\jre1.8.0_201\lib\security\java.security。把注释的 crypto.policy=unlimited 放开。
参考文档: https://blog.csdn.net/kevin_mails/article/details/82143490
http://xwiz.cn/2018-05-09-java-ssl-ciphersuite
Android 11的javax.net.ssl.SSLHandshakeException
如何解决Android 11的javax.net.ssl.SSLHandshakeException?
尝试在Android 11上使用HTTPS连接到我的服务器时,我的应用程序抛出javax.net.ssl.SSLHandshakeException错误。
可能是什么原因造成的?我正在通过CloudFlare使用完全SSL。 Android 11是否需要完整的SSL(严格)?
2020-09-12 19:21:37.131 20726-20857/? I/APP: I 09/12/2020 19:21:37:130 b7ef51e0 Net| POST request (Pull): sync.mydomain.com/rc/v1/app/login
2020-09-12 19:21:37.146 206-212/? E/android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup34: Permission denied
2020-09-12 19:21:37.149 206-212/? E/android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup35: Permission denied
2020-09-12 19:21:37.143 206-206/? W/Binder:206_2: type=1400 audit(0.0:3377): avc: denied { read } for name="wakeup34" dev="sysfs" ino=18474 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
2020-09-12 19:21:37.147 206-206/? W/Binder:206_2: type=1400 audit(0.0:3378): avc: denied { read } for name="wakeup35" dev="sysfs" ino=18534 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
2020-09-12 19:21:37.192 20726-20857/? I/APP: I 09/12/2020 19:21:37:192 b7ef51e0 SSLImplJava| SSL connect to sync.mydomain.com:443
2020-09-12 19:21:37.192 20726-20857/? I/APP: I 09/12/2020 19:21:37:192 b7ef51e0 SSLImplJava| Creating secure SSL factory
2020-09-12 19:21:37.193 20726-20857/? I/APP: I 09/12/2020 19:21:37:193 b7ef51e0 SSLImplJava| Creating TrustManager for system certificates
2020-09-12 19:21:37.193 20726-20857/? I/APP: I 09/12/2020 19:21:37:193 b7ef51e0 SSLImplJava| Loading all SSL certificates from config
2020-09-12 19:21:37.193 20726-20857/? I/APP: I 09/12/2020 19:21:37:193 b7ef51e0 SSLImplJava| SSL certificates loaded: 0
2020-09-12 19:21:37.193 20726-20857/? I/APP: I 09/12/2020 19:21:37:193 b7ef51e0 SSLImplJava| Creating TrustManager for custom certificates
2020-09-12 19:21:37.193 20726-20857/? I/APP: I 09/12/2020 19:21:37:193 b7ef51e0 SSLImplJava| clientSSLCertificate is
2020-09-12 19:21:37.195 20726-20857/? I/APP: I 09/12/2020 19:21:37:195 b7ef51e0 SSLImplJava| Secure SSL factory initialization completed
2020-09-12 19:21:37.196 20726-20857/? I/APP: E 09/12/2020 19:21:37:196 b7ef51e0 SSLImplJava| Call of "connect" Failed: SSLHandshakeException: Attempt to invoke virtual method ''void java.io.OutputStream.write(byte[],int,int)'' on a null object reference
2020-09-12 19:21:37.197 20726-20857/? W/System.err: javax.net.ssl.SSLHandshakeException: Attempt to invoke virtual method ''void java.io.OutputStream.write(byte[],int)'' on a null object reference
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:362)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket.doHandshake(ConscryptEnginesocket.java:276)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket.startHandshake(ConscryptEnginesocket.java:217)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket.waitForHandshake(ConscryptEnginesocket.java:563)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket.getoutputStream(ConscryptEnginesocket.java:298)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.rhomobile.rhodes.socket.SSLImpl.connect(SSLImpl.java:639)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: Caused by: java.lang.NullPointerException: Attempt to invoke virtual method ''void java.io.OutputStream.write(byte[],int)'' on a null object reference
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket$SSLOutputStream.writetoSocket(ConscryptEnginesocket.java:715)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket$SSLOutputStream.writeInternal(ConscryptEnginesocket.java:689)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket$SSLOutputStream.access$200(ConscryptEnginesocket.java:616)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket.doHandshake(ConscryptEnginesocket.java:245)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: ... 4 more
2020-09-12 19:21:37.197 20726-20857/? I/APP: E 09/12/2020 19:21:37:197 b7ef51e0 Net| Operation finished with error 35: SSL connect error
2020-09-12 19:21:37.197 20726-20857/? I/APP: E 09/12/2020 19:21:37:197 b7ef51e0 Net| CURLNetRequest: METHOD = [POST] URL = [https://sync.mydomain.com/rc/v1/app/login] BODY = [{"login":"","password":"","remember_me":1}]
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)
Java SSLHandshakeException:没有通用的密码套件
我正在尝试通过Java SSLSockets将安全性应用于简单的聊天应用程序。
我创建了一个自签名的CA,并用它签署了两个证书(全部使用了RSA密钥),一个证书用于服务器,一个证书用于客户端。之后,我将证书导入服务器的密钥库和客户端的密钥库。
CA :openssl genrsa -out ca.key 1024 -rsaopenssl req -new -key ca.key -out ca.csropenssl x509 -req -days 365 -in ca.csr -out ca.crt -signkey ca.keySERVER CERTIFICATE:openssl genrsa -out server.key 1024 -rsaopenssl req -new -key server.key -out server.csropenssl ca -in server.csr -cert ca.crt -keyfile ca.key -out server.crtCLIENT CERTIFICATE :openssl genrsa -out client.key 1024 -rsaopenssl req -new -key client.key -out client.csropenssl ca -in client.csr -cert ca.crt -keyfile ca.key -out client.crtKEYSTORES:keytool -import -keystore serverkeystore -file ca.crt -alias theCARootkeytool -import -keystore serverkeystore -file server.crt -alias servercrtkeytool -import -keystore serverkeystore -file client.crt -alias clientcrtkeytool -import -keystore clientkeystore -file ca.crt -alias theCARootkeytool -import -keystore clientkeystore -file server.crt -alias servercrtkeytool -import -keystore clientkeystore -file client.crt -alias clientcrt我想使用特定的密码,但显然所有受支持的密码均无效。
我为客户提供的代码:
import java.net.*;import java.io.*;import java.security.*;import java.security.cert.CertificateException;import javax.net.ssl.*;public class ChatClient implements Runnable{ private SSLSocket socket = null; private Thread thread = null; private DataInputStream console = null; private DataOutputStream streamOut = null; private ChatClientThread client = null; final String[] enabledCipherSuites = {"TLS_RSA_WITH_AES_256_CBC_SHA256"}; final char[] passphrase = "123456".toCharArray(); public ChatClient(String serverName, int serverPort) { System.out.println("Establishing connection to server..."); try { SSLSocketFactory factory = null; SSLContext ctx = SSLContext.getInstance("TLS"); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore ks= KeyStore.getInstance("JKS"); ks.load(new FileInputStream("clientkeystore"), passphrase); kmf.init(ks, passphrase); KeyStore serverKey = KeyStore.getInstance("JKS"); serverKey.load(new FileInputStream("serverkeystore"),passphrase); TrustManagerFactory trustManager = TrustManagerFactory.getInstance("SunX509"); trustManager.init(serverKey); ctx.init(kmf.getKeyManagers(), trustManager.getTrustManagers(), null); factory = ctx.getSocketFactory(); socket = (SSLSocket)factory.createSocket(serverName, serverPort); socket.setEnabledCipherSuites(enabledCipherSuites); start(); } catch(UnknownHostException uhe) { // Host unkwnown System.out.println("Error establishing connection - host unknown: " + uhe.getMessage()); } catch(IOException ioexception) { // Other error establishing connection System.out.println("Error establishing connection - unexpected exception: " + ioexception.getMessage()); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); } catch (UnrecoverableKeyException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } } public void run() { while (thread != null) { try { // Sends message from console to server streamOut.writeUTF(console.readLine()); streamOut.flush(); } catch(IOException ioexception) { System.out.println("Error sending string to server: " + ioexception.getMessage()); stop(); } } } public void handle(String msg) { // Receives message from server if (msg.equals(".quit")) { // Leaving, quit command System.out.println("Exiting...Please press RETURN to exit ..."); stop(); } else // else, writes message received from server to console System.out.println(msg); } // Inits new client thread public void start() throws IOException { console = new DataInputStream(System.in); streamOut = new DataOutputStream(socket.getOutputStream()); if (thread == null) { client = new ChatClientThread(this, socket); thread = new Thread(this); thread.start(); } } // Stops client thread public void stop() { if (thread != null) { thread.stop(); thread = null; } try { if (console != null) console.close(); if (streamOut != null) streamOut.close(); if (socket != null) socket.close(); } catch(IOException ioe) { System.out.println("Error closing thread..."); } client.close(); client.stop(); } public static void main(String args[]) { ChatClient client = null; if (args.length != 2) // Displays correct usage syntax on stdout System.out.println("Usage: java ChatClient host port"); else // Calls new client client = new ChatClient(args[0], Integer.parseInt(args[1])); }}class ChatClientThread extends Thread{ private SSLSocket socket = null; private ChatClient client = null; private DataInputStream streamIn = null; public ChatClientThread(ChatClient _client, SSLSocket _socket) { client = _client; socket = _socket; open(); start(); } public void open() { try { streamIn = new DataInputStream(socket.getInputStream()); } catch(IOException ioe) { System.out.println("Error getting input stream: " + ioe); client.stop(); } } public void close() { try { if (streamIn != null) streamIn.close(); } catch(IOException ioe) { System.out.println("Error closing input stream: " + ioe); } } public void run() { while (true) { try { client.handle(streamIn.readUTF()); } catch(IOException ioe) { System.out.println("Listening error: " + ioe.getMessage()); client.stop(); } } }}对于服务器:
import java.net.*;import java.io.*;import java.security.*;import java.security.cert.CertificateException;import java.util.Arrays;import javax.net.ServerSocketFactory;import javax.net.ssl.*;public class ChatServer implements Runnable{ private ChatServerThread clients[] = new ChatServerThread[20]; private SSLServerSocket server_socket = null; private Thread thread = null; private int clientCount = 0; final String[] enabledCipherSuites = {"TLS_RSA_WITH_AES_256_CBC_SHA256"}; final char[] passphrase = "123456".toCharArray(); public ChatServer(int port) { try { // Binds to port and starts server System.out.println("Binding to port " + port); SSLContext ctx = SSLContext.getInstance("TLS");; KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream("serverkeystore"), passphrase); kmf.init(ks, passphrase); KeyStore serverKey = KeyStore.getInstance("JKS"); serverKey.load(new FileInputStream("clientkeystore"),passphrase); TrustManagerFactory trustManager = TrustManagerFactory.getInstance("SunX509"); trustManager.init(serverKey); ctx.init(kmf.getKeyManagers(), trustManager.getTrustManagers(), null); SSLServerSocketFactory ssf = ctx.getServerSocketFactory(); server_socket = (SSLServerSocket) ssf.createServerSocket(port); server_socket.setEnabledCipherSuites(enabledCipherSuites); server_socket.setNeedClientAuth(true); System.out.println("Server started: " + server_socket); start(); } catch(IOException ioexception) { // Error binding to port System.out.println("Binding error (port=" + port + "): " + ioexception.getMessage()); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); } catch (UnrecoverableKeyException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } } public void run() { while (thread != null) { try { // Adds new thread for new client System.out.println("Waiting for a client ..."); addThread((SSLSocket)server_socket.accept()); } catch(IOException ioexception) { System.out.println("Accept error: " + ioexception); stop(); } } } public void start() { if (thread == null) { // Starts new thread for client thread = new Thread(this); thread.start(); } } public void stop() { if (thread != null) { // Stops running thread for client thread.stop(); thread = null; } } private int findClient(int ID) { // Returns client from id for (int i = 0; i < clientCount; i++) if (clients[i].getID() == ID) return i; return -1; } public synchronized void handle(int ID, String input) { if (input.equals(".quit")) { int leaving_id = findClient(ID); // Client exits clients[leaving_id].send(".quit"); // Notify remaing users for (int i = 0; i < clientCount; i++) if (i!=leaving_id) clients[i].send("Client " +ID + " exits.."); remove(ID); } else // Brodcast message for every other client online for (int i = 0; i < clientCount; i++) clients[i].send(ID + ": " + input); } public synchronized void remove(int ID) { int pos = findClient(ID); if (pos >= 0) { // Removes thread for exiting client ChatServerThread toTerminate = clients[pos]; System.out.println("Removing client thread " + ID + " at " + pos); if (pos < clientCount-1) for (int i = pos+1; i < clientCount; i++) clients[i-1] = clients[i]; clientCount--; try { toTerminate.close(); } catch(IOException ioe) { System.out.println("Error closing thread: " + ioe); } toTerminate.stop(); } } private void addThread(SSLSocket socket) { if (clientCount < clients.length) { // Adds thread for new accepted client System.out.println("Client accepted: " + socket); clients[clientCount] = new ChatServerThread(this, socket); try { clients[clientCount].open(); clients[clientCount].start(); clientCount++; } catch(IOException ioe) { System.out.println("Error opening thread: " + ioe); } } else System.out.println("Client refused: maximum " + clients.length + " reached."); } public static void main(String args[]) { ChatServer server = null; if (args.length != 1) // Displays correct usage for server System.out.println("Usage: java ChatServer port"); else // Calls new server server = new ChatServer(Integer.parseInt(args[0])); }}class ChatServerThread extends Thread{ private ChatServer server = null; private SSLSocket socket = null; private int ID = -1; private DataInputStream streamIn = null; private DataOutputStream streamOut = null; public ChatServerThread(ChatServer _server, SSLSocket _socket) { super(); server = _server; socket = _socket; ID = socket.getPort(); } // Sends message to client public void send(String msg) { try { streamOut.writeUTF(msg); streamOut.flush(); } catch(IOException ioexception) { System.out.println(ID + " ERROR sending message: " + ioexception.getMessage()); server.remove(ID); stop(); } } // Gets id for client public int getID() { return ID; } // Runs thread public void run() { System.out.println("Server Thread " + ID + " running."); while (true) { try { server.handle(ID, streamIn.readUTF()); } catch(IOException ioe) { System.out.println(ID + " ERROR reading: " + ioe.getMessage()); server.remove(ID); stop(); } } } // Opens thread public void open() throws IOException { streamIn = new DataInputStream(new BufferedInputStream(socket.getInputStream())); streamOut = new DataOutputStream(new BufferedOutputStream(socket.getOutputStream())); } // Closes thread public void close() throws IOException { if (socket != null) socket.close(); if (streamIn != null) streamIn.close(); if (streamOut != null) streamOut.close(); }}对不起,如果我的英语有点生锈。
我的操作系统是OS X El Capitan,Java版本是1.8。
Here is the server''s stack trace: /Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/bin/java -Djavax.net.debug=all -Didea.launcher.port=7536 "-Didea.launcher.bin.path=/Applications/IntelliJ IDEA 15.app/Contents/bin" -Dfile.encoding=UTF-8 -classpath "/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/charsets.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/deploy.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/cldrdata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/dnsns.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/jaccess.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/jfxrt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/localedata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/nashorn.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/sunec.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/sunjce_provider.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/sunpkcs11.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/zipfs.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/javaws.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jce.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jfr.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jfxswt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jsse.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/management-agent.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/plugin.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/resources.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/ant-javafx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/dt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/javafx-mx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/jconsole.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/packager.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/sa-jdi.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/tools.jar:/Users/joaogoncalves/Dropbox/STI/out/production/STI Assignment 3:/Applications/IntelliJ IDEA 15.app/Contents/lib/idea_rt.jar" com.intellij.rt.execution.application.AppMain ChatServer 5000Binding to port 5000adding as trusted cert: Subject: CN=Joao Goncalves, OU=DEQ, O=UC, ST=Coimbra, C=PT Issuer: CN=DEI, OU=DEI, O=UC, L=Coimbra, ST=Coimbra, C=PT Algorithm: RSA; Serial number: 0xc94895f3863a5c36 Valid from Mon May 23 23:43:42 WEST 2016 until Tue May 23 23:43:42 WEST 2017adding as trusted cert: Subject: CN=www.uc.pt, OU=DEM, O=UC, ST=Coimbra, C=PT Issuer: CN=DEI, OU=DEI, O=UC, L=Coimbra, ST=Coimbra, C=PT Algorithm: RSA; Serial number: 0xc94895f3863a5c35 Valid from Mon May 23 23:42:54 WEST 2016 until Tue May 23 23:42:54 WEST 2017adding as trusted cert: Subject: CN=DEI, OU=DEI, O=UC, L=Coimbra, ST=Coimbra, C=PT Issuer: CN=DEI, OU=DEI, O=UC, L=Coimbra, ST=Coimbra, C=PT Algorithm: RSA; Serial number: 0xdb931da4e1abec22 Valid from Mon May 23 23:42:03 WEST 2016 until Tue May 23 23:42:03 WEST 2017trigger seeding of SecureRandomdone seeding SecureRandomServer started: [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=5000]]Waiting for a client ...Allow unsafe renegotiation: falseAllow legacy hello messages: trueIs initial handshake: trueIs secure renegotiation: falseClient accepted: 74ce57fc[SSL_NULL_WITH_NULL_NULL: Socket[addr=/127.0.0.1,port=57519,localport=5000]]Waiting for a client ...Server Thread 57519 running.Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1No available cipher suite for TLSv1Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1No available cipher suite for TLSv1.1[Raw read]: length = 50000: 16 03 03 00 52 ....R[Raw read]: length = 820000: 01 00 00 4E 03 03 57 44 7B 3B B8 1E 77 88 AF 4E ...N..WD.;..w..N0010: C7 CA 73 CE AC 38 62 5D 18 BD 9A 16 7E 25 86 25 ..s..8b].....%.%0020: 36 1C EF F5 B6 FF 00 00 02 00 3D 01 00 00 23 00 6.........=...#.0030: 0D 00 1A 00 18 06 03 06 01 05 03 05 01 04 03 04 ................0040: 01 03 03 03 01 02 03 02 01 02 02 01 01 FF 01 00 ................0050: 01 00 ..Thread-1, READ: TLSv1.2 Handshake, length = 82*** ClientHello, TLSv1.2RandomCookie: GMT: 1464105787 bytes = { 184, 30, 119, 136, 175, 78, 199, 202, 115, 206, 172, 56, 98, 93, 24, 189, 154, 22, 126, 37, 134, 37, 54, 28, 239, 245, 182, 255 }Session ID: {}Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA256]Compression Methods: { 0 }Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSAExtension renegotiation_info, renegotiated_connection: <empty>***[read] MD5 and SHA1 hashes: len = 820000: 01 00 00 4E 03 03 57 44 7B 3B B8 1E 77 88 AF 4E ...N..WD.;..w..N0010: C7 CA 73 CE AC 38 62 5D 18 BD 9A 16 7E 25 86 25 ..s..8b].....%.%0020: 36 1C EF F5 B6 FF 00 00 02 00 3D 01 00 00 23 00 6.........=...#.0030: 0D 00 1A 00 18 06 03 06 01 05 03 05 01 04 03 04 ................0040: 01 03 03 03 01 02 03 02 01 02 02 01 01 FF 01 00 ................0050: 01 00 ..%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]%% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]Thread-1, SEND TLSv1.2 ALERT: fatal, description = handshake_failureThread-1, WRITE: TLSv1.2 Alert, length = 2[Raw write]: length = 70000: 15 03 03 00 02 02 28 ......(Thread-1, called closeSocket()Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common57519 ERROR reading: no cipher suites in commonRemoving client thread 57519 at 0Thread-1, called close()Thread-1, called closeInternal(true)Thread-1, called close()Thread-1, called closeInternal(true)Thread-1, called close()Thread-1, called closeInternal(true)Process finished with exit code 130答案1
小编典典每个验证方,总是服务器,这里的客户端密钥库也因为你指定的NeedClientAuth, 必须有私钥和证书(或多个)
,不仅是证书(或多个)。有两种方法可以做到这一点:
- convert the OpenSSL generated privatekey plus the related certs to PKCS#12, and then either convert the PKCS#12 to JKS or just use the PKCS#12 in Java (JCE can handle it, and recent versions of Java8 even if you specify JKS! – see http://www.oracle.com/technetwork/java/javase/8u60-relnotes-2620227.html under Keystore Compatibility Mode). See:
How to import an existing x509 certificate and private key in Java keystore
to use in SSL?
How can i create keystore from an existing certificate (abc.crt) and abc.key
files?
Importing the private-key/public-certificate pair in the Java
KeyStore
convert certificate from pem into
jks (disclosure: mine)
How to create keystore from cer
files (disclosure: mine)
generate EE privatekey and CSR in Java, then use OpenSSL (with CA key and cert) to issue the EE cert, and import the certs back into the Java keystore:
keytool -keystore server.jks -genkeypair -keyalg RSAbefore j7 best to add -keysize 2048 see below
keytool -keystore server.jks -certreq >server.csr
openssl ca -in server.csr … -out server.crtor submit the CSR to a real CA and get its response
then either install the chain all at once:
cat server.crt ca.crt >temp
keytool -keystore server.jks -importcert -file tempand confirm (need temp so stdin available for confirm;
if using a public CA, can add -trustcacerts and use pipe instead)
or install the certs separately, top down:
keytool -keystore server.jks -importcert -file ca.crt -alias ca
and confirm, THEN
keytool -keystore server.jks -importcert -file server.crt
(last) response must be ‘Certificate reply was installed’
NOT merely ‘Certificate was added’ which means you messed up
and similarly for client
The latter method (separate entries for ca.crt and privatekey+server.crt) has
the advantage this same file can be used as both the keystore and truststore,
you don’t need to use serverkey as clienttrust and vice versa. If these were
real systems, this would be a security benefit.
A final note: you should start using RSA 2048-bit keys. 1024-bit has been
prohibited by authorities like NIST and CABforum since 2014, and although Java
still accepts them, most browsers and many other tools are already warning for
them and likely soon will reject them. For similar reasons you should sign the
certificates with at least SHA256 – this can be set in the config file used
by ca or you can just use the commandline flag -md sha256.
Java 收到致命警报:通过SSLHandshakeException的handshake_failure
如何解决Java 收到致命警报:通过SSLHandshakeException的handshake_failure?
握手失败可能是由于多种原因引起的:
- 客户端和服务器使用的密码套件不兼容。这将要求客户端使用(或启用)服务器支持的密码套件。
- 正在使用不兼容的SSL版本(服务器可能仅接受TLS v1,而客户端只能使用SSL v3)。同样,客户端可能必须确保使用兼容版本的SSL / TLS协议。
- 服务器证书的信任路径不完整;客户端可能不信任服务器的证书。这通常会导致更冗长的错误,但是很有可能。通常,解决方法是将服务器的CA证书导入到客户端的信任库中。
- 证书是针对其他域发布的。同样,这将导致出现更详细的消息,但是如果这是原因,我将在此处进行说明。在这种情况下,解决方案将是使服务器(似乎不是你的服务器)使用正确的证书。 由于无法确定潜在的故障,因此最好打开该 -Djavax.net.debug=all标志以启用对已建立的SSL连接的调试。启用调试后,你可以查明握手中的哪些活动失败。
根据现在可用的详细信息,看来该问题是由于颁发给服务器的证书和根CA之间的证书信任路径不完整所致。在大多数情况下,这是因为信任存储中不存在根CA的证书,导致无法存在证书信任路径的情况。证书基本上不受客户端信任。浏览器可以发出警告,以便用户可以忽略此警告,但是SSL客户端(例如HttpsURLConnection类或任何HTTP客户端库(例如Apache HttpComponents Client))并非如此。
这些客户端类/库中的大多数都将依赖JVM使用的信任库来进行证书验证。在大多数情况下,这将是cacertsJRE_HOME / lib / security目录中的文件。如果信任库的位置已使用JVM系统属性指定javax.net.ssl.trustStore,则该路径中的库通常是客户机库使用的库。如果你有疑问,请查看你的Merchant班级,并弄清用于建立连接的班级/图书馆。
将服务器的证书颁发机构CA添加到此信任存储区应该可以解决此问题。你可以在有关为此目的获取工具的相关问题上参考我的回答,但是Java keytool实用程序足以满足此目的。
警告:信任存储区实质上是你信任的所有CA的列表。如果你输入的证书不属于你不信任的CA,则如果私钥可用,则可以解密到具有由该实体发行的证书的站点的SSL / TLS连接。
更新#2:了解JSSE跟踪的输出
JVM所使用的密钥库和信任库通常在一开始就列出,如下所示:
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Java\jdk1.6.0_21\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
如果使用了错误的信任库,那么你需要将服务器的证书重新导入到正确的证书中,或者将服务器重新配置为使用列出的证书(如果你有多个JVM,则不建议这样做,并且所有JVM都用于不同的JVM)需求)。
如果要验证信任证书列表中是否包含必需的证书,则有一个相同的部分,其开头为:
adding as trusted cert:
Subject: CN=blah, O=blah, C=blah
Issuer: CN=biggerblah, O=biggerblah, C=biggerblah
Algorithm: RSA; Serial number: yadda
Valid from SomeDate until SomeDate
你需要查找服务器的CA是否为主题。
握手过程中将有几个显着的条目(你需要了解SSL才能详细了解它们,但是出于调试当前问题的目的,知道在ServerHello中通常报告出一个handshake_failure就足够了。
- ClientHello
初始化连接时,将报告一系列条目。客户端在SSL / TLS连接设置中发送的第一条消息是ClientHello消息,通常在日志中报告为:
*** ClientHello, TLSv1
RandomCookie: GMT: 1291302508 bytes = { some byte array }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
请注意使用的密码套件。这可能必须与商人.properties文件中的条目一致,因为银行的图书馆可能采用相同的约定。如果使用的约定不同,则无需担心,因为如果密码套件不兼容,ServerHello会声明。
- ServerHello
服务器以ServerHello响应,这将指示连接设置是否可以继续。日志中的条目通常为以下类型:
*** ServerHello, TLSv1
RandomCookie: GMT: 1291302499 bytes = { some byte array}
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
Compression Method: 0
***
注意它选择的密码套件;这是服务器和客户端均可使用的最佳套件。如果出现错误,通常不指定密码套件。服务器的证书(以及可选的整个链)是由服务器发送的,可以在以下条目中找到:
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=server, O=server''s org, L=server''s location, ST =Server''s state, C=Server''s country
Signature Algorithm: SHA1withRSA, OID = some identifer
.... the rest of the certificate
***
如果证书验证成功,你将找到类似于以下内容的条目:
Found trusted certificate:
[
[
Version: V1
Subject: OU=Server''s CA, O="Server''s CA''s company name", C=CA''s country
Signature Algorithm: SHA1withRSA, OID = some identifier
上述步骤之一将不会成功,从而导致handshake_failure,因为握手通常在此阶段完成(不是真的,但是握手的后续阶段通常不会导致握手失败)。你需要找出失败的步骤,然后发布适当的消息作为问题的更新(除非你已经理解了该消息,并且知道该怎么做)。
分享改善这个答案
解决方法
授权SSL连接有问题。我已经创建了Struts Action,它使用客户端授权的SSL证书连接到外部服务器。在我的操作中,我尝试将一些数据发送到银行服务器,但是没有任何运气,因为由于服务器的原因,我出现以下错误:
error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
我的Action类中的My Method将数据发送到服务器
//Getting external IP from host
URL whatismyip = new URL("http://automation.whatismyip.com/n09230945.asp");
BufferedReader inIP = new BufferedReader(new InputStreamReader(whatismyip.openStream()));
String IPStr = inIP.readLine(); //IP as a String
Merchant merchant;
System.out.println("amount: " + amount + ",currency: " + currency + ",clientIp: " + IPStr + ",description: " + description);
try {
merchant = new Merchant(context.getRealPath("/") + "merchant.properties");
} catch (ConfigurationException e) {
Logger.getLogger(HomeAction.class.getName()).log(Level.INFO,"message",e);
System.err.println("error: " + e.getMessage());
return ERROR;
}
String result = merchant.sendTransData(amount,currency,IPStr,description);
System.out.println("result: " + result);
return SUCCESS;
我的merchant.properties文件:
bank.server.url=https://-servernameandport-/
https.cipher=-cipher-
keystore.file=-key-.jks
keystore.type=JKS
keystore.password=-password-
ecomm.server.version=2.0
encoding.source=UTF-8
encoding.native=UTF-8
我第一次以为这是证书问题,我将其从.pfx转换为.jks,但我遇到了相同的错误,没有任何更改。
今天关于接收SSLHandshakeException:尽管我的客户端忽略了所有证书,但是handshake_failure的讲解已经结束,谢谢您的阅读,如果想了解更多关于3、javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 错误、Android 11的javax.net.ssl.SSLHandshakeException、Java SSLHandshakeException:没有通用的密码套件、Java 收到致命警报:通过SSLHandshakeException的handshake_failure的相关知识,请在本站搜索。
本文标签:
