堆栈内存溢出
  简体   繁体   English

由于切换到Java 7,FTPS客户端无法与FTPS服务器通信

[英]FTPS client can't talk to FTPS server since switching to java 7

 原文  2013-12-14 18:22:34       java/ ssl/ java-7/ incompatibility

问题描述

The configuration 配置

I'm using the FtpsClient from apache commons net 3.0.1 to talk to the FtpServer from apache ftpserver 1.0.6. 我正在使用来自apache commons net 3.0.1的FtpsClient与来自apache ftpserver 1.0.6的FtpServer进行通信。

Client and server use FTPS with installed certificates on both sides. 客户端和服务器使用FTPS双方都安装了证书。 The failing code is a junit test running client and server in separate threads. 失败的代码是在单独的线程中运行客户端和服务器的junit测试。 The certificates are generated and put in keystores within the junit test. 将生成证书并将其放入junit测试中的密钥库中。

The Problem 问题

The communication succeeds when running with java 6. But after switching to java 7 I get the error: 使用Java 6运行时,通信成功。但是切换到Java 7后,出现错误消息: 

%% Invalidated:  [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
main, SEND TLSv1 ALERT:  fatal, description = certificate_unknown

What I already tried: 我已经尝试过的

  • I upgraded to apache commons net 3.3 and apache mina 2.0.7 without any change in the behaviour. 我升级到apache commons net 3.3和apache mina 2.0.7,但没有任何行为改变。

  • I also removed the line 我也删除了

    jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

    from the file java.security inside the JDK7. 从JDK7内的文件java.security

  • I switched to Java 1.6.20, Java 1.6.45 (both succeeding), Java 1.7.06 and Java 1.7.45 (both failing). 我切换到Java 1.6.20,Java 1.6.45(均成功),Java 1.7.06和Java 1.7.45(均失败)。

  • I tried to set the properties sun.security.ssl.allowUnsafeRenegotiation and sun.security.ssl.allowLegacyHelloMessages to true 我试图将属性sun.security.ssl.allowUnsafeRenegotiationsun.security.ssl.allowLegacyHelloMessagestrue

Question

Do you have any idea how to make the communication work with java 7? 您有任何想法如何使Java 7进行通信吗?

More info 更多信息

Here is the full output of the failing communication with java 7: 这是与Java 7通讯失败的完整输出: 

***
found key for : clientkey
chain [0] =   [0]         Version: 3
         SerialNumber: 4712
             IssuerDN: CN=Test Client CA
           Start Date: Sat Dec 14 18:42:58 CET 2013
           Final Date: Sun Dec 15 18:42:58 CET 2013
            SubjectDN: CN=Test Client
           Public Key: RSA Public Key
            modulus: bc3ba4ad85d762c901a059ef55a82a1b5064a4d0f83de811a561f8ec5abf7dad4c1955434f091b3051eb37916cfbcaa293f547ed93b15e23991019ba500aee05e27d4810d56f216b685ee0f5209f77b1f500468d7e8746ffec3467f7b50004f93bc8e5a09be8871802b22d09a517ae5e543956f8475bad359391571815cb0d2d
    public exponent: 3

  Signature Algorithm: SHA256WithRSAEncryption
            Signature: 1d1e107af090afb3806a81a1252d0714568cec43
                       3ea38f8600db1fc4409f0646b8b235ecf844b610
                       ed0c8110838ca8985bbcbe0176533fe051732958
                       2b834f4292f6503d1634cb3bfdcb5c70ca3da354
                       a92bbeb2fe02484b2c176b5e830116bdf2098353
                       35c95a3114c28dc248f85ac841406f400174779e
                       d194532d922dbc2d

***
***
found key for : serverkey
chain [0] =   [0]         Version: 3
         SerialNumber: 4712
             IssuerDN: CN=Test Server CA
           Start Date: Sat Dec 14 18:42:57 CET 2013
           Final Date: Sun Dec 15 18:42:57 CET 2013
            SubjectDN: CN=Test Server
           Public Key: RSA Public Key
            modulus: bf7993e847452df221d9b018869d635260e3764543db9df97d03a6e99fb4dba4d91a991406c6cfcf2f5ec669e3bd0bb464ccd4691108c03d6d265c66bc2adfc521225ea766137abcdaa38cea6505af0f25155bceb15eceb9dd6c25e2e393c889b5a86b4fce91fafc759ec556c9544b07a58a9335ccd89c8b4320b814bbdc3561
    public exponent: 3

  Signature Algorithm: SHA256WithRSAEncryption
            Signature: 8c75362adb73ed9797e0d11e13c73a24f715a772
                       76c8c12188a5e50cc7823ba36f4f8c3a0f6ee70d
                       6c55a1f78791c753d9820ea26bc127d87d5add17
                       5330a1015b45d5aad881b3f8e34e875622a277b1
                       4a9267ca8fade00d1dcdbc92fd50e711e59e11c1
                       e918a807479608f8f3cd475feb90c7bbc82cb15f
                       1eb119e2b899a3db

***
adding as trusted cert:
  Subject: CN=Test Server
  Issuer:  CN=Test Server CA
  Algorithm: RSA; Serial number: 0x1268
  Valid from Sat Dec 14 18:42:57 CET 2013 until Sun Dec 15 18:42:57 CET 2013

adding as trusted cert:
  Subject: CN=Test Client CA
  Issuer:  CN=Test Client CA
  Algorithm: RSA; Serial number: 0x1267
  Valid from Sat Dec 14 18:43:57 CET 2013 until Sun Dec 15 18:43:57 CET 2013

trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
X509KeyManager passed to SSLContext.init():  need an X509ExtendedKeyManager for SSLEngine use
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1370200030 bytes = { 234, 58, 111, 82, 3, 147, 102, 163, 67, 234, 5, 39, 120, 1, 72, 181, 97, 205, 100, 87, 239, 22, 237, 213, 149, 131, 180, 33 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes:  len = 163
0000: 01 00 00 9F 03 01 52 AC   98 DE EA 3A 6F 52 03 93  ......R....:oR..
0010: 66 A3 43 EA 05 27 78 01   48 B5 61 CD 64 57 EF 16  f.C..'x.H.a.dW..
0020: ED D5 95 83 B4 21 00 00   38 C0 0A C0 14 00 35 C0  .....!..8.....5.
0030: 05 C0 0F 00 39 00 38 C0   09 C0 13 00 2F C0 04 C0  ....9.8...../...
0040: 0E 00 33 00 32 C0 07 C0   11 00 05 C0 02 C0 0C C0  ..3.2...........
0050: 08 C0 12 00 0A C0 03 C0   0D 00 16 00 13 00 04 00  ................
0060: FF 01 00 00 3E 00 0A 00   34 00 32 00 17 00 01 00  ....>...4.2.....
0070: 03 00 13 00 15 00 06 00   07 00 09 00 0A 00 18 00  ................
0080: 0B 00 0C 00 19 00 0D 00   0E 00 0F 00 10 00 11 00  ................
0090: 02 00 12 00 04 00 05 00   14 00 08 00 16 00 0B 00  ................
00A0: 02 01 00                                           ...
main, WRITE: TLSv1 Handshake, length = 163
[Raw write]: length = 168
0000: 16 03 01 00 A3 01 00 00   9F 03 01 52 AC 98 DE EA  ...........R...[Raw read]: length = 5
.
00100000: : 163A 0 6F3 52 01 03 0 930 66 A3 A3  43         EA      0   5    27    78    01    48    B   5     6.1. . .:oR..
.f.C[Raw read]: length = 163
..0'0x00.H: 01. 00a 
002000:  9FCD 03 64 01 57 52 EF AC 16  ED  98 D5 DE 95 EA  3  83A B4 6F 21 5 002 00 03 38 93 C0  0A  . ..d.W.....R........:oR.!....8
0010.: 66. A3
0030 43: C0 EA 14 05 00 27 35 78 C0 01 05  C  480 B5 0F  61   CD00 64  5739 EF 00 16 3 8 f .CC0. 09.'x C0. 13H .a ..d.W.5....
0020.: ED. D5.9 95.8 83. B4. 21. 00. 0
00400:  00  38  C02F 0A C C00 14 04 00 C0 35 0E C0 00  33  .  .0.0..! 32. C0.8 07. C0. .1.1.5 .0
00300: 05 05 C0   0./F. .00. .3.39.2 .00. .3.8. .C0
0 050  09: C C00 13 02 00 C0 2F 0C C0 C0 04 08 C0 C0  12  .  .0.0.9 .80A. .C.0. 03. C0/ .0D. .0
00400: 0 16E  00  .3.3. 00. 32. C0. 0.7. .C0. .  1.1. .0.0. 
006005:  C000 02 13 C0 00 0C 04 C0 00  F F. .301.2 .0.0. .  .0.0. 3E. 00. 0A. 00. 
005034:  0008 32 C0  1 2. .00. 0A. C.0. .0.3.> .C.0.4 .2  
00700D:  0000 16 17 00 00 13 01  0000 03  0004 13  0  000 15  00  .0.6. 00. 07. 00. 09. . ................
.0060.: .FF.. 0.1. 00. 00
0080 : 003E 0A 00 00 0A 18 0 000 0B  00  34 0C 00  3  002 19 00 00 1 0D7 00 00 0E 01 00 00 0F    .......>......4..2...........
.0070.: 03. 00
009 130 00: 00 15 10 00 00 06 11 00 0 0  07 02 00  0900 00 12 0A    0000 04 18 00 00 05  00  1.4. .00. .0.8. . ................
.0.0.8.0.: 0B.. 00. 0C
00 00A 190 00: 00 0D 16 00 00    0E0B 00 00 0F 02 00 01 10 00 00  11      00           .   .   .   .   . .................
..
0090: 02 00 12 00 04 00 05 00   14 00 08 00 16 00 0B 00  ................
00A0: 02 01 00                                           ...
NioProcessor-3, READ: TLSv1 Handshake, length = 163
*** ClientHello, TLSv1
RandomCookie:  GMT: 1370200030 bytes = { 234, 58, 111, 82, 3, 147, 102, 163, 67, 234, 5, 39, 120, 1, 72, 181, 97, 205, 100, 87, 239, 22, 237, 213, 149, 131, 180, 33 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[read] MD5 and SHA1 hashes:  len = 163
0000: 01 00 00 9F 03 01 52 AC   98 DE EA 3A 6F 52 03 93  ......R....:oR..
0010: 66 A3 43 EA 05 27 78 01   48 B5 61 CD 64 57 EF 16  f.C..'x.H.a.dW..
0020: ED D5 95 83 B4 21 00 00   38 C0 0A C0 14 00 35 C0  .....!..8.....5.
0030: 05 C0 0F 00 39 00 38 C0   09 C0 13 00 2F C0 04 C0  ....9.8...../...
0040: 0E 00 33 00 32 C0 07 C0   11 00 05 C0 02 C0 0C C0  ..3.2...........
0050: 08 C0 12 00 0A C0 03 C0   0D 00 16 00 13 00 04 00  ................
0060: FF 01 00 00 3E 00 0A 00   34 00 32 00 17 00 01 00  ....>...4.2.....
0070: 03 00 13 00 15 00 06 00   07 00 09 00 0A 00 18 00  ................
0080: 0B 00 0C 00 19 00 0D 00   0E 00 0F 00 10 00 11 00  ................
0090: 02 00 12 00 04 00 05 00   14 00 08 00 16 00 0B 00  ................
00A0: 02 01 00                                           ...
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: serverkey
%% Negotiating:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1370200030 bytes = { 235, 19, 174, 10, 126, 94, 2, 53, 13, 203, 115, 119, 217, 226, 248, 251, 141, 255, 72, 117, 214, 8, 178, 182, 69, 65, 74, 111 }
Session ID:  {82, 172, 152, 222, 202, 68, 136, 188, 163, 83, 250, 80, 9, 33, 99, 223, 176, 113, 255, 245, 119, 35, 136, 114, 29, 204, 36, 7, 135, 58, 46, 58}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
chain [0] =   [0]         Version: 3
         SerialNumber: 4712
             IssuerDN: CN=Test Server CA
           Start Date: Sat Dec 14 18:42:57 CET 2013
           Final Date: Sun Dec 15 18:42:57 CET 2013
            SubjectDN: CN=Test Server
           Public Key: RSA Public Key
            modulus: bf7993e847452df221d9b018869d635260e3764543db9df97d03a6e99fb4dba4d91a991406c6cfcf2f5ec669e3bd0bb464ccd4691108c03d6d265c66bc2adfc521225ea766137abcdaa38cea6505af0f25155bceb15eceb9dd6c25e2e393c889b5a86b4fce91fafc759ec556c9544b07a58a9335ccd89c8b4320b814bbdc3561
    public exponent: 3

  Signature Algorithm: SHA256WithRSAEncryption
            Signature: 8c75362adb73ed9797e0d11e13c73a24f715a772
                       76c8c12188a5e50cc7823ba36f4f8c3a0f6ee70d
                       6c55a1f78791c753d9820ea26bc127d87d5add17
                       5330a1015b45d5aad881b3f8e34e875622a277b1
                       4a9267ca8fade00d1dcdbc92fd50e711e59e11c1
                       e918a807479608f8f3cd475feb90c7bbc82cb15f
                       1eb119e2b899a3db

***
*** ECDH ServerKeyExchange
Server key: Sun EC public key, 256 bits
  public x coord: 104116730850349228150645500726559419876454110473705724347998613959037720473709
  public y coord: 26531088832836488156715632939801149563569358316815609029138071362300859258679
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=Test Server>
<CN=Test Client CA>
*** ServerHelloDone
[write] MD5 and SHA1 hashes:  len = 785
0000: 02 00 00 4D 03 01 52 AC   98 DE EB 13 AE 0A 7E 5E  ...M..R........^
    ...
0300: 65 73 74 20 43 6C 69 65   6E 74 20 43 41 0E 00 00  est Client CA...
0310: 00                                                 .
NioProcessor-3, WRITE: TLSv1 Handshake, length = 785
[Raw write]: length = 790
0000: 16 03 01 03 11 02 00 00   4D 03 01 52 AC 98 DE EB  ........M..R....
    ...
0310: 43 41 0E 00 00 00                                  CA....
[Raw read]: length = 5
0000: 16 03 01 03 11                                     .....
[Raw read]: length = 785
0000: 02 00 00 4D 03 01 52 AC   98 DE EB 13 AE 0A 7E 5E  ...M..R........^
...
0300: 65 73 74 20 43 6C 69 65   6E 74 20 43 41 0E 00 00  est Client CA...
0310: 00                                                 .
main, READ: TLSv1 Handshake, length = 785
*** ServerHello, TLSv1
RandomCookie:  GMT: 1370200030 bytes = { 235, 19, 174, 10, 126, 94, 2, 53, 13, 203, 115, 119, 217, 226, 248, 251, 141, 255, 72, 117, 214, 8, 178, 182, 69, 65, 74, 111 }
Session ID:  {82, 172, 152, 222, 202, 68, 136, 188, 163, 83, 250, 80, 9, 33, 99, 223, 176, 113, 255, 245, 119, 35, 136, 114, 29, 204, 36, 7, 135, 58, 46, 58}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[read] MD5 and SHA1 hashes:  len = 81
0000: 02 00 00 4D 03 01 52 AC   98 DE EB 13 AE 0A 7E 5E  ...M..R........^
0010: 02 35 0D CB 73 77 D9 E2   F8 FB 8D FF 48 75 D6 08  .5..sw......Hu..
0020: B2 B6 45 41 4A 6F 20 52   AC 98 DE CA 44 88 BC A3  ..EAJo R....D...
0030: 53 FA 50 09 21 63 DF B0   71 FF F5 77 23 88 72 1D  S.P.!c..q..w#.r.
0040: CC 24 07 87 3A 2E 3A C0   14 00 00 05 FF 01 00 01  .$..:.:.........
0050: 00                                                 .
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=Test Server
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 1024 bits
  modulus: 134458256579882064220947016566567368624577136695715707428147091640608842041866510673093630777095713870085907129388401306119592396574283986066972630278941051105347425734712257624841831029349568388389668729188279474954100040403593251094972500714160890077269266835643135286378058696831905023827534267451981968737
  public exponent: 3
  Validity: [From: Sat Dec 14 18:42:57 CET 2013,
               To: Sun Dec 15 18:42:57 CET 2013]
  Issuer: CN=Test Server CA
  SerialNumber: [    1268]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 8C 75 36 2A DB 73 ED 97   97 E0 D1 1E 13 C7 3A 24  .u6*.s........:$
0010: F7 15 A7 72 76 C8 C1 21   88 A5 E5 0C C7 82 3B A3  ...rv..!......;.
0020: 6F 4F 8C 3A 0F 6E E7 0D   6C 55 A1 F7 87 91 C7 53  oO.:.n..lU.....S
0030: D9 82 0E A2 6B C1 27 D8   7D 5A DD 17 53 30 A1 01  ....k.'..Z..S0..
0040: 5B 45 D5 AA D8 81 B3 F8   E3 4E 87 56 22 A2 77 B1  [E.......N.V".w.
0050: 4A 92 67 CA 8F AD E0 0D   1D CD BC 92 FD 50 E7 11  J.g..........P..
0060: E5 9E 11 C1 E9 18 A8 07   47 96 08 F8 F3 CD 47 5F  ........G.....G_
0070: EB 90 C7 BB C8 2C B1 5F   1E B1 19 E2 B8 99 A3 DB  .....,._........

]
***
%% Invalidated:  [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
main, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E    [Raw read]: length = 5
     000         0   : 15    03    01    00  02....... 
                    main, called closeSocket()
                ...main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: auth type not accepted
..
[Raw read]: length = 2
0000: 02 2E                                              ..
NioProcessor-3, READ: TLSv1 Alert, length = 2
NioProcessor-3, RECV TLSv1 ALERT:  fatal, certificate_unknown
NioProcessor-3, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
NioProcessor-3, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
NioProcessor-3, called closeInbound()
NioProcessor-3, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-3, called closeOutbound()
NioProcessor-3, closeOutboundInternal()
NioProcessor-3, SEND TLSv1 ALERT:  warning, description = close_notify
NioProcessor-3, WRITE: TLSv1 Alert, length = 2
[2013-12-14 18:43:58,286 (pool-3-thread-1) org.apache.mina.filter.logging.LoggingFilter.log(LoggingFilter.java:130) WARN] EXCEPTION :
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
    at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:487)
    ...
Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
    at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at org.apache.mina.filter.ssl.SslHandler.unwrap(SslHandler.java:728)
    at org.apache.mina.filter.ssl.SslHandler.unwrapHandshake(SslHandler.java:666)
    at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:552)
    at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:351)
    at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:468)
    ... 15 more

1 个解决方案

解决方案1
 0 已采纳  2013-12-16 05:57:49

The problem was home-made. 问题是自制的。

Internally I used a TrustManager that rejected the authType "ECDHE_RSA", which is used by default with Java 7. 在内部,我使用了一个TrustManager来拒绝authType“ ECDHE_RSA”,该类型默认情况下与Java 7一起使用。

After adding "ECDHE_RSA" to the list of accepted authTypes the communication succeeded again. 将“ ECDHE_RSA”添加到接受的authTypes列表后,通信再次成功。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法使用Java连接到FTPS(显式)服务器? - can not connect to FTPS (explicit) server with java? 具有Java绑定和客户端CA证书的FTPS - FTPS With Java Binding and client CA Certificate 如何使用Java从FTPS服务器获取文件? - How to get files from FTPS server with java? Apache FTPS客户端storeFile从Unix / Linux / Max发行到Windows FTPS服务器 - Apache FTPS Client storeFile to windows FTPS server from Unix/Linux/Max issue 连接到FTPS服务器 - Connect to FTPS server Java FTPS问题 - Java FTPS Problems 使用 apache commons net 的代理服务器后面的 FTPS 客户端 - FTPS client behind a proxy server using apache commons net Java FTPS无法检索文件列表(FileZilla Client运行正常) - Java FTPS fails to retrieve file list (FileZilla Client works fine) Java ftps连接,TrustManager说明(使用Filezilla服务器) - Java ftps connection, TrustManager explaination (using filezilla server) Java FTPS 禁用证书检查 - Java FTPS disabling Certificate Check
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM