SSLHandshakeException: No subject alternative names present (its certificate does not specify a subject alternative name)

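This article focuses on SSLHandshakeException: No subject alternative names present (its certificate does not specify a subject alternative name) and is intended as a detailed reference. It discusses the error and answers related questions, and also covers practical approaches to: 3. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake error; javax.net.ssl.SSLHandshakeException on Android 11; Java SSLHandshakeException "no cipher suites in common"; and Java SSLHandshakeException: no cipher suites in common.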

SSLHandshakeException: No subject alternative names present (its certificate does not specify a subject alternative name)

I am calling an HTTPS SOAP web service from Java code. I have already imported the self-signed certificate into the JRE cacerts keystore. Now I get:

com.sun.xml.internal.ws.com.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

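The hostname in the service URL does not match the hostname of the CN given in the cert. I read here about a workaround that defines a custom hostname verifier, but I can't work out where in my code to implement it.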

    public SOAPMessage invokeWS(WSBean bean) throws Exception {
        SOAPMessage response = null;
        try {
            /** Create a service and add at least one port to it. **/
            String targetNameSpace = bean.getTargetNameSpace();
            String endpointUrl = bean.getEndpointUrl();
            QName serviceName = new QName(targetNameSpace, bean.getServiceName());
            QName portName = new QName(targetNameSpace, bean.getPortName());
            String SOAPAction = bean.getSOAPAction();
            HashMap<String, String> map = bean.getParameters();

            Service service = Service.create(serviceName);
            service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, endpointUrl);

            /** Create a Dispatch instance from a service. **/
            Dispatch dispatch = service.createDispatch(portName, SOAPMessage.class,
                    Service.Mode.MESSAGE);

            // The soapActionUri is set here. otherwise we get a error on .net based
            // services.
            dispatch.getRequestContext().put(Dispatch.SOAPACTION_USE_PROPERTY,
                    new Boolean(true));
            dispatch.getRequestContext().put(Dispatch.SOAPACTION_URI_PROPERTY,
                    SOAPAction);

            /** Create SOAPMessage request. **/
            // compose a request message
            MessageFactory messageFactory = MessageFactory.newInstance();
            SOAPMessage message = messageFactory.createMessage();

            // Create objects for the message parts
            SOAPPart soapPart = message.getSOAPPart();
            SOAPEnvelope envelope = soapPart.getEnvelope();
            SOAPBody body = envelope.getBody();
            SOAPElement bodyElement = body.addChildElement(bean.getInputMethod(),
                    bean.getPrefix(), bean.getTargetNameSpace());

            // ...more code to form soap body goes here

            // Print request
            message.writeTo(System.out);

            // Save the message
            message.saveChanges();

            response = (SOAPMessage) dispatch.invoke(message);
        } catch (Exception e) {
            log.error("Error in invokeSiebelWS :" + e);
        }
        return response;
    }

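Please ignore the WSBean parameter; the namespace and the other WSDL attributes all come from this bean. If this exception can be resolved with some different workaround, please suggest it.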

Answer 1

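Thanks, Bruno, for bringing me up to speed on Common Name and Subject Alternative Name. As we found out, the certificate had been generated with a CN holding the DNS name of the network, and we asked for a new certificate to be regenerated with a Subject Alternative Name entry (i.e. san=ip:10.0.0.1). That is the actual solution.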

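However, we managed to find a workaround that can be used during the development phase. Just add a static block in the class from which we make the SSL connection.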

    static {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                // ip address of the service URL(like.23.28.244.244)
                if (hostname.equals("23.28.244.244"))
                    return true;
                return false;
            }
        });
    }

If you happen to be using Java 8, you can get the same result in several ways:

    static {
        HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> hostname.equals("127.0.0.1"));
    }
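An added example, not part of the original answer: a small tool that lists the Subject Alternative Name entries of a certificate file, reports whether the address you connect to is covered, and prints the certificate's SHA-256 fingerprint. It also builds a hostname verifier that accepts the mismatched address only when the peer presents exactly that certificate. The class and method names are hypothetical, and the fingerprint in the usage comment is a placeholder.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.HostnameVerifier;

public class SanPinCheck {
    // GeneralName tags returned by X509Certificate.getSubjectAlternativeNames()
    private static final int SAN_DNS = 2;
    private static final int SAN_IP = 7;

    /** Returns the dNSName and iPAddress SAN entries as "DNS:..." / "IP:..." strings. */
    static List<String> subjectAltNames(X509Certificate cert) throws Exception {
        List<String> out = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when the extension is absent
        if (sans == null) {
            return out;
        }
        for (List<?> entry : sans) {
            int type = (Integer) entry.get(0);
            if (type == SAN_DNS) {
                out.add("DNS:" + entry.get(1));
            } else if (type == SAN_IP) {
                out.add("IP:" + entry.get(1));
            }
        }
        return out;
    }

    /** True when host appears literally among the SAN entries (wildcards are not expanded). */
    static boolean coveredBySan(X509Certificate cert, String host) throws Exception {
        for (String san : subjectAltNames(cert)) {
            if (san.substring(san.indexOf(':') + 1).equalsIgnoreCase(host)) {
                return true;
            }
        }
        return false;
    }

    static byte[] sha256(Certificate cert) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    static byte[] unhex(String s) {
        if (s.length() % 2 != 0) {
            throw new IllegalArgumentException("odd-length hex string");
        }
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    /**
     * Verifier for the development workaround: the host must be the expected one AND the
     * peer's leaf certificate must match the pinned SHA-256 fingerprint.
     * HttpsURLConnection consults it only when its built-in hostname check has failed.
     * Usage (fingerprint is a placeholder, take it from the output of main):
     *   HttpsURLConnection.setDefaultHostnameVerifier(
     *       SanPinCheck.pinnedVerifier("23.28.244.244", "<sha-256 hex>"));
     */
    static HostnameVerifier pinnedVerifier(String expectedHost, String pinnedSha256Hex) {
        byte[] pin = unhex(pinnedSha256Hex);
        return (hostname, session) -> {
            if (!expectedHost.equals(hostname)) {
                return false;
            }
            try {
                Certificate leaf = session.getPeerCertificates()[0];
                return MessageDigest.isEqual(pin, sha256(leaf));
            } catch (Exception e) {
                return false; // unverified peer or unreadable certificate: reject
            }
        };
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java SanPinCheck <cert.pem|cert.der> <host-or-ip>");
            System.exit(2);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject            : " + cert.getSubjectX500Principal().getName());
        System.out.println("SAN entries        : " + subjectAltNames(cert));
        System.out.println("Host covered by SAN: " + coveredBySan(cert, args[1]));
        System.out.println("SHA-256 fingerprint: " + hex(sha256(cert)));
    }
}
```

An empty SAN list for a certificate reached by IP address is the condition behind "No subject alternative names present"; once the certificate is reissued with the SAN entry, the verifier is no longer needed.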

3. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake error

While testing with JMeter, the error javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake occurred. The fix is to edit a file under the Java installation path, G:\Java\jre1.8.0_201\lib\security\java.security, and uncomment the commented-out crypto.policy=unlimited line.
References: https://blog.csdn.net/kevin_mails/article/details/82143490
http://xwiz.cn/2018-05-09-java-ssl-ciphersuite

javax.net.ssl.SSLHandshakeException on Android 11

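How to fix javax.net.ssl.SSLHandshakeException on Android 11?

My app throws a javax.net.ssl.SSLHandshakeException error when it tries to connect to my server over HTTPS on Android 11.

What could be causing this? I am using Full SSL through CloudFlare. Does Android 11 require Full SSL (strict)?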

2020-09-12 19:21:37.131 20726-20857/? I/APP: I 09/12/2020 19:21:37:130 b7ef51e0 Net| POST request (Pull): sync.mydomain.com/rc/v1/app/login
2020-09-12 19:21:37.146 206-212/? E/android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup34: Permission denied
2020-09-12 19:21:37.149 206-212/? E/android.system.suspend@1.0-service: Error opening kernel wakelock stats for: wakeup35: Permission denied
2020-09-12 19:21:37.143 206-206/? W/Binder:206_2: type=1400 audit(0.0:3377): avc: denied { read } for name="wakeup34" dev="sysfs" ino=18474 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
2020-09-12 19:21:37.147 206-206/? W/Binder:206_2: type=1400 audit(0.0:3378): avc: denied { read } for name="wakeup35" dev="sysfs" ino=18534 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
2020-09-12 19:21:37.192 20726-20857/? I/APP: I 09/12/2020 19:21:37:192 b7ef51e0 SSLImplJava| SSL connect to sync.mydomain.com:443
2020-09-12 19:21:37.192 20726-20857/? I/APP: I 09/12/2020 19:21:37:192 b7ef51e0 SSLImplJava| Creating secure SSL factory
2020-09-12 19:21:37.193 20726-20857/? I/APP: I 09/12/2020 19:21:37:193 b7ef51e0 SSLImplJava| Creating TrustManager for system certificates
2020-09-12 19:21:37.193 20726-20857/? I/APP: I 09/12/2020 19:21:37:193 b7ef51e0 SSLImplJava| Loading all SSL certificates from config
2020-09-12 19:21:37.193 20726-20857/? I/APP: I 09/12/2020 19:21:37:193 b7ef51e0 SSLImplJava| SSL certificates loaded: 0
2020-09-12 19:21:37.193 20726-20857/? I/APP: I 09/12/2020 19:21:37:193 b7ef51e0 SSLImplJava| Creating TrustManager for custom certificates
2020-09-12 19:21:37.193 20726-20857/? I/APP: I 09/12/2020 19:21:37:193 b7ef51e0 SSLImplJava| clientSSLCertificate is
2020-09-12 19:21:37.195 20726-20857/? I/APP: I 09/12/2020 19:21:37:195 b7ef51e0 SSLImplJava| Secure SSL factory initialization completed
2020-09-12 19:21:37.196 20726-20857/? I/APP: E 09/12/2020 19:21:37:196 b7ef51e0 SSLImplJava| Call of "connect" Failed: SSLHandshakeException: Attempt to invoke virtual method ''void java.io.OutputStream.write(byte[],int,int)'' on a null object reference
2020-09-12 19:21:37.197 20726-20857/? W/System.err: javax.net.ssl.SSLHandshakeException: Attempt to invoke virtual method ''void java.io.OutputStream.write(byte[],int)'' on a null object reference
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:362)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket.doHandshake(ConscryptEnginesocket.java:276)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket.startHandshake(ConscryptEnginesocket.java:217)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket.waitForHandshake(ConscryptEnginesocket.java:563)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket.getoutputStream(ConscryptEnginesocket.java:298)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.rhomobile.rhodes.socket.SSLImpl.connect(SSLImpl.java:639)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: Caused by: java.lang.NullPointerException: Attempt to invoke virtual method ''void java.io.OutputStream.write(byte[],int)'' on a null object reference
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket$SSLOutputStream.writetoSocket(ConscryptEnginesocket.java:715)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket$SSLOutputStream.writeInternal(ConscryptEnginesocket.java:689)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket$SSLOutputStream.access$200(ConscryptEnginesocket.java:616)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: at com.android.org.conscrypt.ConscryptEnginesocket.doHandshake(ConscryptEnginesocket.java:245)
2020-09-12 19:21:37.197 20726-20857/? W/System.err: ... 4 more
2020-09-12 19:21:37.197 20726-20857/? I/APP: E 09/12/2020 19:21:37:197 b7ef51e0 Net| Operation finished with error 35: SSL connect error
2020-09-12 19:21:37.197 20726-20857/? I/APP: E 09/12/2020 19:21:37:197 b7ef51e0 Net| CURLNetRequest: METHOD = [POST] URL = [https://sync.mydomain.com/rc/v1/app/login] BODY = [{"login":"","password":"","remember_me":1}]

Java SSLHandshakeException "no cipher suites in common"

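How to fix Java SSLHandshakeException "no cipher suites in common"?

You are initializing your SSLContext with a null KeyManager array.

The key manager is what handles the server certificate (on the server side), and this is probably what you are aiming to set when using javax.net.ssl.keyStore.

However, as described in the JSSE Reference Guide, using null for the first parameter does not do what you seem to think it does:

"If the KeyManager[] parameter is null, then an empty KeyManager will be defined for this context. If the TrustManager[] parameter is null, the installed security providers will be searched for the highest-priority implementation of the TrustManagerFactory, from which an appropriate TrustManager will be obtained. Likewise, the SecureRandom parameter may be null, in which case a default implementation will be used."

An empty KeyManager does not contain any RSA or DSA certificates. Therefore, all the default cipher suites that rely on such a certificate are disabled. This is why you get all these "Ignoring unavailable cipher suite" messages, which ultimately lead to the "no cipher suites in common" message.

If you want your keystore to be used as a keystore, you need to load it and initialize a KeyManagerFactory with it: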

    KeyStore ks = KeyStore.getInstance("JKS");
    InputStream ksIs = new FileInputStream("...");
    try {
        ks.load(ksIs, "password".toCharArray());
    } finally {
        if (ksIs != null) {
            ksIs.close();
        }
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
            .getDefaultAlgorithm());
    kmf.init(ks, "keypassword".toCharArray());

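Use kmf.getKeyManagers() as the first parameter to SSLContext.init().

For the other two parameters, since you are visibly not requesting client-certificate authentication, you should leave the trust manager at its default value (null) instead of copying/pasting a trust manager that is a potential cause of vulnerability, and you can also use the default null SecureRandom.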
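An added example, not code from the original answer: a loopback handshake that first reproduces the failure caused by passing a null KeyManager array on the server side, and then, when given a keystore, repeats the handshake with key managers from a KeyManagerFactory. The class name, method names and command-line arguments are hypothetical; the keystore is assumed to hold a private-key entry such as the one keytool -genkey creates.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class KeyManagerHandshakeDemo {

    /** Server context: key managers from the keystore, or null to reproduce the failure. */
    static SSLContext serverContext(KeyStore ks, char[] keyPassword) throws Exception {
        KeyManager[] keyManagers = null; // null => empty KeyManager => no server certificate
        if (ks != null) {
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, keyPassword);
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, null, null); // default trust managers and SecureRandom
        return ctx;
    }

    /** Client context: trusts the certificates in ks, or the JRE defaults when ks is null. */
    static SSLContext clientContext(KeyStore ks) throws Exception {
        TrustManager[] trustManagers = null;
        if (ks != null) {
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            trustManagers = tmf.getTrustManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustManagers, null);
        return ctx;
    }

    /** Runs one handshake over the loopback interface and reports the server-side outcome. */
    static String handshake(SSLContext server, SSLContext client) throws Exception {
        InetAddress loopback = InetAddress.getLoopbackAddress();
        try (SSLServerSocket listener = (SSLServerSocket)
                server.getServerSocketFactory().createServerSocket(0, 1, loopback)) {
            listener.setSoTimeout(5000);
            int port = listener.getLocalPort();
            Thread clientThread = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) client.getSocketFactory().createSocket(loopback, port)) {
                    s.startHandshake();
                } catch (Exception e) {
                    // the client-side failure mirrors the server-side one reported below
                }
            });
            clientThread.start();
            try (SSLSocket peer = (SSLSocket) listener.accept()) {
                peer.setSoTimeout(5000);
                peer.startHandshake();
                return "OK, negotiated " + peer.getSession().getCipherSuite();
            } catch (SSLException e) {
                return "FAILED: " + e.getMessage();
            } finally {
                clientThread.join();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // 1. What the question's code does: SSLContext.init(null, ...) on the server side.
        System.out.println("null KeyManager[] : "
                + handshake(serverContext(null, null), clientContext(null)));

        // 2. Optional: java KeyManagerHandshakeDemo <keystore> <storepass> <keypass>
        if (args.length == 3) {
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            System.out.println("KeyManagerFactory : "
                    + handshake(serverContext(ks, args[2].toCharArray()), clientContext(ks)));
        }
    }
}
```

The first line always reports a failed handshake, with wording that depends on the JDK version. The client here trusts the keystore's own certificate because it is self-signed, and the server leaves its trust managers at the default as the answer recommends.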

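Original question

I am using an SSLServerSocket to accept client connections on my openSUSE server, but none of them can connect. I always get an SSLHandshakeException saying no cipher suites in common. I have activated all possible suites, enabled multiple protocols, and tried the latest Oracle JRE and OpenJDK. I have also followed several other posts on forums and the like, "unlocked" all cipher suites in the Oracle JRE, and changed the OpenJDK JRE settings like this:

Disabled: #security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg and enabled: security.provider.9=sun.security.ec.SunEC

This is how I initialize the SSLServerSocket: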

    System.setProperty("javax.net.ssl.keyStore","./keystore");
    System.setProperty("javax.net.ssl.keyStorePassword","nopassword");
    java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation","true");

// Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public void checkClientTrusted(java.security.cert.X509Certificate[] certs,String authType) {
                }

                public void checkServerTrusted(java.security.cert.X509Certificate[] certs,String authType) {
                }

                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }
    };

    // Install the all-trusting trust manager
    SSLContext sc = SSLContext.getInstance("TLSv1.2");
    sc.init(null,trustAllCerts,new SecureRandom());
    SSLServerSocket ssl = (SSLServerSocket) sc.getServerSocketFactory().createServerSocket(
            DownloadFilelist.PORT);
    // Got rid of:
    //ssl.setEnabledCipherSuites(sc.getServerSocketFactory().getSupportedCipherSuites());
    ssl.setEnabledProtocols(new String[] {"TLSv1","TLSv1.1","TLSv1.2","SSLv3"});

    // System.out.println(Arrays.toString(ssl.getEnabledCipherSuites()));

    s = ssl;
    // s = new ServerSocket(DownloadFilelist.PORT);
    s.setSoTimeout(TIMEOUT);

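The problem is that I can't find out which cipher suite the client wants, and I can't influence it either. I started the program with -Djavax.net.debug=ssl,handshake, and this is the result. Can any of you figure out what the problem is?

Edit: the keystore was generated with the following command: keytool -genkey -keyalg RSA -keystore ./keystore

If it helps, see the code on this page (the formatting does not seem to be messed up):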

trigger seeding of SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
main,setSoTimeout(2000) called
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello,TLSv1
RandomCookie:  GMT: 1361763651 bytes = { 159,113,250,254,103,37,66,234,127,4,36,240,60,252,55,112,6,224,192,181,146,163,63,148,152,255,77,8 }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
***
main,WRITE: TLSv1 Handshake,length = 67
main,READ: TLSv1 Handshake,length = 81
*** ServerHello,TLSv1
RandomCookie:  GMT: 1361763767 bytes = { 249,20,120,68,76,110,168,235,47,91,119,64,151,242,169,191,111,105,90,173,223,133,12,1,247 }
Session ID:  {246,209,13,188,190,246,14,49,183,202,121,162,165,71,220,233,245,215,203,94,148}
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info,renegotiated_connection: <empty>
***
%% Initialized:  [Session-1,TLS_RSA_WITH_AES_256_CBC_SHA]
** TLS_RSA_WITH_AES_256_CBC_SHA
main,length = 933
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=dc.hadiko.de,O=hadiko dc,L=town,ST=land of the free,C=de
  Signature Algorithm: SHA1withRSA,OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key,2048 bits
  modulus: 22613010171436639614880560956464961031555258188367451246658444583390999370970098210909007150132692078653881042731046316239498513359691936582885343174669796075601988313858262934995935649363223919652108615287224220030023261629874169998331654587246748976585212101810697310529416436829153514374554242128947092694064999520197281527578067183301918060451970607703466399571245107774569719996572643148013190800713656468629158991997127544540177983174906099325217344868710319256330960086862269228933938482311029685238274537823670267001618579382801319470736924423550865055775144486750164961588873175599114046362924859400297960451
  public exponent: 65537
  Validity: [From: Sat Jul 07 12:56:23 CEST 2012,To: Tue Jul 07 12:56:23 CEST 2015]
  Issuer: CN=dc.hadiko.de,C=de
  SerialNumber: [    8682354f f94fbbb5]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 43 1D D9 A7 CF 21 2E 17   F3 4E EE F6 6C 6C 88 16  C....!...N..ll..
0010: 08 3C 67 8E                                        .<g.
]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 43 1D D9 A7 CF 21 2E 17   F3 4E EE F6 6C 6C 88 16  C....!...N..ll..
0010: 08 3C 67 8E                                        .<g.
]
]

]
]
***
main,length = 4
*** ServerHelloDone
*** ClientKeyExchange,RSA PreMasterSecret,TLSv1
main,length = 262
main,WRITE: TLSv1 Change Cipher Spec,length = 1
*** Finished
verify_data:  { 23,134,30,81,239,135,238,80 }
***
main,length = 48
main,READ: TLSv1 Change Cipher Spec,length = 1
main,length = 48
*** Finished
verify_data:  { 254,182,228,50,214,35,175,100,128,102,152 }
***
%% Cached client session: [Session-1,TLS_RSA_WITH_AES_256_CBC_SHA]
main,WRITE: TLSv1 Application Data,length = 48
HSent: HSUP ADBASE ADTIGR ADBLOM
main,READ: TLSv1 Application Data,length = 32
main,length = 288
ClientManager,length = 32
ClientManager,length = 96

[...] (Cut out because I exceeded body limit.)

ClientManager,length = 80
ClientManager,length = 80
main,length = 64
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
A client,READ: SSLv3 Handshake,length = 112
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
*** ClientHello,TLSv1.2
RandomCookie:  GMT: 1361763651 bytes = { 47,7,95,25,28,159,184,149,67,123,98,253,108,88,52,76 }
Session ID:  {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,SSL_DHE_DSS_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
Extension renegotiation_info,renegotiated_connection: <empty>
Extension signature_algorithms,signature_algorithms: Unknown (hash:0x4,signature:0x2),SHA256withRSA,SHA1withRSA,SHA1withDSA
***
%% Initialized:  [Session-2,SSL_NULL_WITH_NULL_NULL]
%% Invalidated:  [Session-2,SSL_NULL_WITH_NULL_NULL]
A client,SEND TLSv1.2 ALERT:  fatal,description = handshake_failure
A client,WRITE: TLSv1.2 Alert,length = 2
A client,called closeSocket()
A client,handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

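The output contains a connection to another server, which works fine, followed by the connection to my server. I can't remove the other connection, because I get the information on how to connect through it. If I could, I would enable debugging after the first connection, but I don't know how…

I removed all the irrelevant output (output that I created).

Update:

I can't even connect to myself. When I create an SSLServerSocket and an SSLSocket in the same application and connect to it, I get the same error. Yet when I compare the lists of enabled cipher suites, both sockets support a bunch of suites. I have tested this on Windows 7 64-bit with the latest JDK.

Update:

I just rewrote the server part of the program from scratch using a tutorial, and it magically worked… I don't know why, but it seems I should use the standard implementations as much as possible. I am giving the reputation to Bruno, since he put in the most effort.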

Java SSLHandshakeException: no cipher suites in common

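I am trying to add security to a simple chat application using Java SSLSockets.

I created a self-signed CA and used it to sign two certificates (all using RSA keys), one for the server and one for the client. After that, I imported the certificates into the server's keystore and the client's keystore.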

CA :

openssl genrsa -out ca.key 1024 -rsa

openssl req -new -key ca.key -out ca.csr

openssl x509 -req -days 365 -in ca.csr -out ca.crt -signkey ca.key


SERVER CERTIFICATE:

openssl genrsa -out server.key 1024 -rsa

openssl req -new -key server.key -out server.csr

openssl ca -in server.csr -cert ca.crt -keyfile ca.key -out server.crt


CLIENT CERTIFICATE :

openssl genrsa -out client.key 1024 -rsa

openssl req -new -key client.key -out client.csr

openssl ca -in client.csr -cert ca.crt -keyfile ca.key -out client.crt



KEYSTORES:

keytool -import -keystore serverkeystore -file ca.crt -alias theCARoot

keytool -import -keystore serverkeystore -file server.crt -alias servercrt

keytool -import -keystore serverkeystore -file client.crt -alias clientcrt

keytool -import -keystore clientkeystore -file ca.crt  -alias theCARoot

keytool -import -keystore clientkeystore -file server.crt  -alias servercrt

keytool -import -keystore clientkeystore -file client.crt  -alias clientcrt

I want to use a specific cipher, but apparently none of the supported ciphers work.

My code for the client:

import java.net.*;
import java.io.*;
import java.security.*;
import java.security.cert.CertificateException;
import javax.net.ssl.*;

public class ChatClient implements Runnable
{
    private SSLSocket socket           = null;
    private Thread thread              = null;
    private DataInputStream  console   = null;
    private DataOutputStream streamOut = null;
    private ChatClientThread client    = null;
    final String[] enabledCipherSuites = {"TLS_RSA_WITH_AES_256_CBC_SHA256"};
    final char[] passphrase = "123456".toCharArray();

    public ChatClient(String serverName,int serverPort)
    {
        System.out.println("Establishing connection to server...");
        try
        {
            SSLSocketFactory factory = null;
            SSLContext ctx = SSLContext.getInstance("TLS");
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

            KeyStore ks= KeyStore.getInstance("JKS");
            ks.load(new FileInputStream("clientkeystore"),passphrase);
            kmf.init(ks,passphrase);


            KeyStore serverKey = KeyStore.getInstance("JKS");
            serverKey.load(new FileInputStream("serverkeystore"),passphrase);
            TrustManagerFactory trustManager = TrustManagerFactory.getInstance("SunX509");
            trustManager.init(serverKey);



            ctx.init(kmf.getKeyManagers(),trustManager.getTrustManagers(),null);
            factory = ctx.getSocketFactory();
            socket = (SSLSocket)factory.createSocket(serverName,serverPort);
            socket.setEnabledCipherSuites(enabledCipherSuites);
            start();
        }

        catch(UnknownHostException uhe)
        {
            // Host unknown
            System.out.println("Error establishing connection - host unknown: " + uhe.getMessage());
        }
        catch(IOException ioexception)
        {
            // Other error establishing connection
            System.out.println("Error establishing connection - unexpected exception: " + ioexception.getMessage());
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

    public void run()
    {
        while (thread != null)
        {
            try
            {
                // Sends message from console to server
                streamOut.writeUTF(console.readLine());
                streamOut.flush();
            }

            catch(IOException ioexception)
            {
                System.out.println("Error sending string to server: " + ioexception.getMessage());
                stop();
            }
        }
    }


    public void handle(String msg)
    {
        // Receives message from server
        if (msg.equals(".quit"))
        {
            // Leaving,quit command
            System.out.println("Exiting...Please press RETURN to exit ...");
            stop();
        }
        else
            // else,writes message received from server to console
            System.out.println(msg);
    }

    // Inits new client thread
    public void start() throws IOException
    {
        console   = new DataInputStream(System.in);
        streamOut = new DataOutputStream(socket.getOutputStream());
        if (thread == null)
        {
            client = new ChatClientThread(this,socket);
            thread = new Thread(this);
            thread.start();
        }
    }

    // Stops client thread
    public void stop()
    {
        if (thread != null)
        {
            thread.stop();
            thread = null;
        }
        try
        {
            if (console   != null)  console.close();
            if (streamOut != null)  streamOut.close();
            if (socket    != null)  socket.close();
        }

        catch(IOException ioe)
        {
            System.out.println("Error closing thread..."); }
        client.close();
        client.stop();
    }


    public static void main(String args[])
    {
        ChatClient client = null;
        if (args.length != 2)
            // Displays correct usage syntax on stdout
            System.out.println("Usage: java ChatClient host port");
        else
            // Calls new client
            client = new ChatClient(args[0],Integer.parseInt(args[1]));
    }

}

class ChatClientThread extends Thread
{
    private SSLSocket        socket   = null;
    private ChatClient       client   = null;
    private DataInputStream  streamIn = null;

    public ChatClientThread(ChatClient _client,SSLSocket _socket)
    {
        client   = _client;
        socket   = _socket;
        open();
        start();
    }

    public void open()
    {
        try
        {
            streamIn  = new DataInputStream(socket.getInputStream());
        }
        catch(IOException ioe)
        {
            System.out.println("Error getting input stream: " + ioe);
            client.stop();
        }
    }

    public void close()
    {
        try
        {
            if (streamIn != null) streamIn.close();
        }

        catch(IOException ioe)
        {
            System.out.println("Error closing input stream: " + ioe);
        }
    }

    public void run()
    {
        while (true)
        {   try
        {
            client.handle(streamIn.readUTF());
        }
        catch(IOException ioe)
        {
            System.out.println("Listening error: " + ioe.getMessage());
            client.stop();
        }
        }
    }
}

For the server:

import java.net.*;
import java.io.*;
import java.security.*;
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.net.ServerSocketFactory;
import javax.net.ssl.*;

public class ChatServer implements Runnable
{
    private ChatServerThread clients[] = new ChatServerThread[20];
    private SSLServerSocket server_socket = null;
    private Thread thread = null;
    private int clientCount = 0;
    final String[] enabledCipherSuites = {"TLS_RSA_WITH_AES_256_CBC_SHA256"};
    final char[] passphrase = "123456".toCharArray();


    public ChatServer(int port)
    {
        try
        {
            // Binds to port and starts server
            System.out.println("Binding to port " + port);
            SSLContext ctx = SSLContext.getInstance("TLS");;
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream("serverkeystore"),passphrase);

            KeyStore serverKey = KeyStore.getInstance("JKS");
            serverKey.load(new FileInputStream("clientkeystore"),passphrase);
            TrustManagerFactory trustManager = TrustManagerFactory.getInstance("SunX509");
            trustManager.init(serverKey);

            ctx.init(kmf.getKeyManagers(),null);
            SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
            server_socket = (SSLServerSocket) ssf.createServerSocket(port);
            server_socket.setEnabledCipherSuites(enabledCipherSuites);
            server_socket.setNeedClientAuth(true);
            System.out.println("Server started: " + server_socket);
            start();
        }
        catch(IOException ioexception)
        {
            // Error binding to port
            System.out.println("Binding error (port=" + port + "): " + ioexception.getMessage());
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }

    public void run()
    {
        while (thread != null)
        {
            try
            {
                // Adds new thread for new client
                System.out.println("Waiting for a client ...");
                addThread((SSLSocket)server_socket.accept());
            }
            catch(IOException ioexception)
            {
                System.out.println("Accept error: " + ioexception); stop();
            }
        }
    }

    public void start()
    {
        if (thread == null)
        {
            // Starts new thread for client
            thread = new Thread(this);
            thread.start();
        }
    }

    public void stop()
    {
        if (thread != null)
        {
            // Stops running thread for client
            thread.stop();
            thread = null;
        }
    }

    private int findClient(int ID)
    {
        // Returns client from id
        for (int i = 0; i < clientCount; i++)
            if (clients[i].getID() == ID)
                return i;
        return -1;
    }

    public synchronized void handle(int ID,String input)
    {
        if (input.equals(".quit"))
        {
            int leaving_id = findClient(ID);
            // Client exits
            clients[leaving_id].send(".quit");
            // Notify remaining users
            for (int i = 0; i < clientCount; i++)
                if (i!=leaving_id)
                    clients[i].send("Client " +ID + " exits..");
            remove(ID);
        }
        else
            // Broadcast message for every other client online
            for (int i = 0; i < clientCount; i++)
                clients[i].send(ID + ": " + input);
    }

    public synchronized void remove(int ID)
    {
        int pos = findClient(ID);

        if (pos >= 0)
        {
            // Removes thread for exiting client
            ChatServerThread toTerminate = clients[pos];
            System.out.println("Removing client thread " + ID + " at " + pos);
            if (pos < clientCount-1)
                for (int i = pos+1; i < clientCount; i++)
                    clients[i-1] = clients[i];
            clientCount--;

            try
            {
                toTerminate.close();
            }

            catch(IOException ioe)
            {
                System.out.println("Error closing thread: " + ioe);
            }

            toTerminate.stop();
        }
    }

    private void addThread(SSLSocket socket)
    {
        if (clientCount < clients.length)
        {
            // Adds thread for new accepted client
            System.out.println("Client accepted: " + socket);
            clients[clientCount] = new ChatServerThread(this,socket);

            try
            {
                clients[clientCount].open();
                clients[clientCount].start();
                clientCount++;
            }
            catch(IOException ioe)
            {
                System.out.println("Error opening thread: " + ioe);
            }
        }
        else
            System.out.println("Client refused: maximum " + clients.length + " reached.");
    }


    public static void main(String args[])
    {
        ChatServer server = null;

        if (args.length != 1)
            // Displays correct usage for server
            System.out.println("Usage: java ChatServer port");
        else
            // Calls new server
            server = new ChatServer(Integer.parseInt(args[0]));
    }

}

class ChatServerThread extends Thread
{
    private ChatServer       server    = null;
    private SSLSocket        socket    = null;
    private int              ID        = -1;
    private DataInputStream  streamIn  =  null;
    private DataOutputStream streamOut = null;


    public ChatServerThread(ChatServer _server,SSLSocket _socket)
    {
        super();
        server = _server;
        socket = _socket;
        ID     = socket.getPort();
    }

    // Sends message to client
    public void send(String msg)
    {
        try
        {
            streamOut.writeUTF(msg);
            streamOut.flush();
        }

        catch(IOException ioexception)
        {
            System.out.println(ID + " ERROR sending message: " + ioexception.getMessage());
            server.remove(ID);
            stop();
        }
    }

    // Gets id for client
    public int getID()
    {
        return ID;
    }

    // Runs thread
    public void run()
    {
        System.out.println("Server Thread " + ID + " running.");

        while (true)
        {
            try
            {
                server.handle(ID,streamIn.readUTF());
            }

            catch(IOException ioe)
            {
                System.out.println(ID + " ERROR reading: " + ioe.getMessage());
                server.remove(ID);
                stop();
            }
        }
    }


    // Opens thread
    public void open() throws IOException
    {
        streamIn = new DataInputStream(new BufferedInputStream(socket.getInputStream()));
        streamOut = new DataOutputStream(new BufferedOutputStream(socket.getOutputStream()));
    }

    // Closes thread
    public void close() throws IOException
    {
        if (socket != null)    socket.close();
        if (streamIn != null)  streamIn.close();
        if (streamOut != null) streamOut.close();
    }

}

Sorry if my English is a bit rusty.

My operating system is OS X El Capitan and the Java version is 1.8.

Here is the server's stack trace: 
/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/bin/java -Djavax.net.debug=all -Didea.launcher.port=7536 "-Didea.launcher.bin.path=/Applications/IntelliJ IDEA 15.app/Contents/bin" -Dfile.encoding=UTF-8 -classpath "/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/charsets.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/deploy.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/cldrdata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/dnsns.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/jaccess.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/jfxrt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/localedata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/nashorn.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/sunec.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/sunjce_provider.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/sunpkcs11.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/ext/zipfs.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/javaws.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jce.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jfr.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jfxswt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/jsse.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/management-agent.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/plugin.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/jre/lib/resources.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.j
dk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/ant-javafx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/dt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/javafx-mx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/jconsole.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/packager.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/sa-jdi.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/lib/tools.jar:/Users/joaogoncalves/Dropbox/STI/out/production/STI Assignment 3:/Applications/IntelliJ IDEA 15.app/Contents/lib/idea_rt.jar" com.intellij.rt.execution.application.AppMain ChatServer 5000
Binding to port 5000
adding as trusted cert:
  Subject: CN=Joao Goncalves,OU=DEQ,O=UC,ST=Coimbra,C=PT
  Issuer:  CN=DEI,OU=DEI,L=Coimbra,C=PT
  Algorithm: RSA; Serial number: 0xc94895f3863a5c36
  Valid from Mon May 23 23:43:42 WEST 2016 until Tue May 23 23:43:42 WEST 2017

adding as trusted cert:
  Subject: CN=www.uc.pt,OU=DEM,C=PT
  Algorithm: RSA; Serial number: 0xc94895f3863a5c35
  Valid from Mon May 23 23:42:54 WEST 2016 until Tue May 23 23:42:54 WEST 2017

adding as trusted cert:
  Subject: CN=DEI,C=PT
  Algorithm: RSA; Serial number: 0xdb931da4e1abec22
  Valid from Mon May 23 23:42:03 WEST 2016 until Tue May 23 23:42:03 WEST 2017

trigger seeding of SecureRandom
done seeding SecureRandom
Server started: [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=5000]]
Waiting for a client ...
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Client accepted: 74ce57fc[SSL_NULL_WITH_NULL_NULL: Socket[addr=/127.0.0.1,port=57519,localport=5000]]
Waiting for a client ...
Server Thread 57519 running.
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
No available cipher suite for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
No available cipher suite for TLSv1.1
[Raw read]: length = 5
0000: 16 03 03 00 52                                     ....R
[Raw read]: length = 82
0000: 01 00 00 4E 03 03 57 44   7B 3B B8 1E 77 88 AF 4E  ...N..WD.;..w..N
0010: C7 CA 73 CE AC 38 62 5D   18 BD 9A 16 7E 25 86 25  ..s..8b].....%.%
0020: 36 1C EF F5 B6 FF 00 00   02 00 3D 01 00 00 23 00  6.........=...#.
0030: 0D 00 1A 00 18 06 03 06   01 05 03 05 01 04 03 04  ................
0040: 01 03 03 03 01 02 03 02   01 02 02 01 01 FF 01 00  ................
0050: 01 00                                              ..
Thread-1,READ: TLSv1.2 Handshake,length = 82
*** ClientHello,TLSv1.2
RandomCookie:  GMT: 1464105787 bytes = { 184,30,119,136,175,78,199,202,115,206,172,56,98,93,24,189,154,22,126,37,134,54,28,239,245,182,255 }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA256]
Compression Methods:  { 0 }
Extension signature_algorithms,signature_algorithms: SHA512withECDSA,SHA512withRSA,SHA384withECDSA,SHA384withRSA,SHA256withECDSA,SHA256withRSA,SHA224withECDSA,SHA224withRSA,SHA1withECDSA,SHA1withRSA,SHA1withDSA,MD5withRSA
Extension renegotiation_info,renegotiated_connection: <empty>
***
[read] MD5 and SHA1 hashes:  len = 82
0000: 01 00 00 4E 03 03 57 44   7B 3B B8 1E 77 88 AF 4E  ...N..WD.;..w..N
0010: C7 CA 73 CE AC 38 62 5D   18 BD 9A 16 7E 25 86 25  ..s..8b].....%.%
0020: 36 1C EF F5 B6 FF 00 00   02 00 3D 01 00 00 23 00  6.........=...#.
0030: 0D 00 1A 00 18 06 03 06   01 05 03 05 01 04 03 04  ................
0040: 01 03 03 03 01 02 03 02   01 02 02 01 01 FF 01 00  ................
0050: 01 00                                              ..
%% Initialized:  [Session-1,SSL_NULL_WITH_NULL_NULL]
%% Invalidated:  [Session-1,SSL_NULL_WITH_NULL_NULL]
Thread-1,SEND TLSv1.2 ALERT:  fatal,description = handshake_failure
Thread-1,WRITE: TLSv1.2 Alert,length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28                               ......(
Thread-1,called closeSocket()
Thread-1,handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
57519 ERROR reading: no cipher suites in common
Removing client thread 57519 at 0
Thread-1,called close()
Thread-1,called closeInternal(true)
Thread-1,called closeInternal(true)

Process finished with exit code 130
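
A server answers `no cipher suites in common` when it cannot serve any suite the client offered, and one common reason is that its key manager holds no private key of the type the suite requires; the trace above logs only `adding as trusted cert` entries, and the server listing as shown loads `ks` without passing it to `kmf.init`. The following check is an added example, not code from the original post: it reports whether a keystore contains a private-key entry usable for `TLS_RSA_WITH_AES_256_CBC_SHA256`. The class and method names are hypothetical, the suite-name prefix mapping is a simplification, and the empty in-memory keystore is a constructed stand-in used when no file is given.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;

public class KeyStoreSuiteCheck {

    /** Key algorithm the server certificate must carry, derived from the suite name prefix. */
    static String requiredKeyAlgorithm(String suite) {
        if (suite.startsWith("TLS_ECDHE_ECDSA_") || suite.startsWith("TLS_ECDH_ECDSA_")) return "EC";
        if (suite.startsWith("TLS_DHE_DSS_")) return "DSA";
        if (suite.startsWith("TLS_RSA_") || suite.startsWith("TLS_ECDHE_RSA_")
                || suite.startsWith("TLS_DHE_RSA_")) return "RSA";
        return null; // anonymous or TLS 1.3 suites: the name does not fix the key type
    }

    /** Algorithms of the private-key entries; trustedCertEntry aliases are skipped. */
    static Set<String> privateKeyAlgorithms(KeyStore ks) throws Exception {
        Set<String> algs = new TreeSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) continue;
            Certificate cert = ks.getCertificate(alias); // leaf certificate of the key entry
            if (cert != null) algs.add(cert.getPublicKey().getAlgorithm());
        }
        return algs;
    }

    /** Human-readable result for one suite against one keystore. */
    static String verdict(KeyStore ks, String suite) throws Exception {
        String need = requiredKeyAlgorithm(suite);
        Set<String> have = privateKeyAlgorithms(ks);
        if (need == null) return suite + ": key type not determined by the suite name";
        if (have.contains(need)) return suite + ": OK, keystore holds a " + need + " private key";
        return suite + ": server cannot offer it, needs a " + need
                + " private key, keystore has " + have;
    }

    public static void main(String[] args) throws Exception {
        String suite = "TLS_RSA_WITH_AES_256_CBC_SHA256"; // suite enabled in the post
        KeyStore ks = KeyStore.getInstance("JKS");
        if (args.length == 2) {
            // Usage: java KeyStoreSuiteCheck <keystore file> <store password>
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
        } else {
            // Constructed sample: an empty store, standing in for one with only trusted certs
            ks.load(null, null);
        }
        System.out.println(verdict(ks, suite));
    }
}
```

Even when the keystore passes this check, the key is only used if the `KeyManagerFactory` is initialised with that keystore before `SSLContext.init` is called.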
