
SSLHandshakeException trying to connect to a server over SSL

I'm trying to make a GET request from a Java/Spring 4 Application to a resource on a remote server over SSL. Say the resource is:

https://remote-app/foo.pdf

My application uses https://github.com/square/okhttp as an HTTP client to do the operation.

Unfortunately it is throwing an exception on this resource, but surprisingly succeeds on other resources that are exposed over SSL on other servers.

Here is the exception that I'm getting:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_51]
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[na:1.8.0_51]
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) ~[na:1.8.0_51]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) ~[na:1.8.0_51]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_51]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_51]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_51]
    at com.squareup.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:103) ~[okhttp-2.4.0.jar!/:na]
    at com.squareup.okhttp.Connection.connect(Connection.java:143) ~[okhttp-2.4.0.jar!/:na]
    at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:185) ~[okhttp-2.4.0.jar!/:na]
    at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128) ~[okhttp-2.4.0.jar!/:na]
    at com.squareup.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:341) ~[okhttp-2.4.0.jar!/:na]
    at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330) ~[okhttp-2.4.0.jar!/:na]
    at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:248) ~[okhttp-2.4.0.jar!/:na]
    at com.squareup.okhttp.Call.getResponse(Call.java:273) ~[okhttp-2.4.0.jar!/:na]
    at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:230) ~[okhttp-2.4.0.jar!/:na]
    at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:201) ~[okhttp-2.4.0.jar!/:na]
    at com.squareup.okhttp.Call.execute(Call.java:81) ~[okhttp-2.4.0.jar!/:na]
    at com.org.package.util.Utils.getUrlResponse(MyUtils.java:54) ~[app-0.0.1-SNAPSHOT.jar!/:na]
    at com.org.package.service.impl.MyApp.uploadUrl(MyApp.java:303) [app.jar!/:na]
    at com.org.package.service.impl.MyApp.uploadResource(MyApp.java:135) [app.jar!/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_51]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_51]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_51]
    at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_51]
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) [spring-aop-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) [spring-aop-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) [spring-aop-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) [spring-tx-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281) [spring-tx-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) [spring-tx-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) [spring-aop-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at com.sun.proxy.$Proxy155.uploadR(Unknown Source) [na:na]
    at com.org.myprocess.receiveRequest(Processor.java:42) [app.jar!/:na]
    at com.org.myprocess$$FastClassBySpringCGLIB$$e05dc31.invoke(<generated>) [spring-core-4.1.7.RELEASE.jar!/:na]
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) [spring-core-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717) [spring-aop-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) [spring-aop-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) [spring-tx-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281) [spring-tx-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) [spring-tx-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653) [spring-aop-4.1.7.RELEASE.jar!/:4.1.7.RELEASE]
    at com.org.myprocess$$EnhancerBySpringCGLIB$$d16a8116.receiveRequest(<generated>) [spring-core-4.1.7.RELEASE.jar!/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_51]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_51]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_51]
    at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_51]
    at org.springframework.messaging.handler.invocation.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:185) [spring-messaging-4.1.6.RELEASE.jar!/:4.1.6.RELEASE]
    at org.springframework.messaging.handler.invocation.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:104) [spring-messaging-4.1.6.RELEASE.jar!/:4.1.6.RELEASE]
    at org.springframework.messaging.handler.invocation.AbstractMethodMessageHandler.handleMatch(AbstractMethodMessageHandler.java:447) [spring-messaging-4.1.6.RELEASE.jar!/:4.1.6.RELEASE]
    at org.springframework.messaging.handler.invocation.AbstractMethodMessageHandler.handleMessageInternal(AbstractMethodMessageHandler.java:408) [spring-messaging-4.1.6.RELEASE.jar!/:4.1.6.RELEASE]
    at org.springframework.messaging.handler.invocation.AbstractMethodMessageHandler.handleMessage(AbstractMethodMessageHandler.java:346) [spring-messaging-4.1.6.RELEASE.jar!/:4.1.6.RELEASE]
    at org.springframework.cloud.aws.messaging.listener.SimpleMessageListenerContainer.executeMessage(SimpleMessageListenerContainer.java:160) [spring-cloud-aws-messaging-1.0.3.RELEASE.jar!/:1.0.3.RELEASE]
    at org.springframework.cloud.aws.messaging.listener.SimpleMessageListenerContainer$MessageExecutor.run(SimpleMessageListenerContainer.java:226) [spring-cloud-aws-messaging-1.0.3.RELEASE.jar!/:1.0.3.RELEASE]
    at org.springframework.cloud.aws.messaging.listener.SimpleMessageListenerContainer$SignalExecutingRunnable.run(SimpleMessageListenerContainer.java:250) [spring-cloud-aws-messaging-1.0.3.RELEASE.jar!/:1.0.3.RELEASE]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_51]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_51]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_51]
    Suppressed: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        ... 60 common frames omitted

I tried curl from the machine on which my app is deployed:

curl -v https://www.remote-app/foo.pdf

Response>>>

 Trying 121.1.102.15...
    * Connected to www.remote-app (121.1.102.15) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
    * Cannot communicate securely with peer: no common encryption algorithm(s).
    * Closing connection 0
    curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

But then I tried passing the cipher algorithm to use and it works:

curl -v --cipher ecdhe_rsa_aes_128_gcm_sha_256 https://www.remote-app/foo.pdf

Response>>>

Trying 121.1.102.15...
200 OK...
Content...
Content...

Now my question is how can I make my app connect to different SSL servers that might have different SSL configurations, because the app connects to most resources over SSL but not all.

Or how can I support more cipher suites that could be used by different servers? (assuming that's the right issue)

Yay, so I got the solution. Java comes with certain ciphers that are disabled by default and some enabled. Here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html Surprisingly all the 4 ciphers that I mentioned above are in the "enabled-by-default" table. But below the list of ciphers they mentioned:

Cipher suites that use Elliptic Curve Cryptography (ECDSA, ECDH, ECDHE, ECDH_anon) require a JCE cryptographic provider that meets the following requirements: a... b... c...

Searching for JAVA JCE provider will lead you to http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

Download the zip file and you'll get two jar files inside: local_policy.jar and us_export_policy.jar

Place those two jar files in the security folder inside your JRE: jdk1.8.jdk/Contents/Home/jre/lib/security/

Cheers!
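A quick way to check the situation described in this thread from inside the JVM, as an added example that is not part of the original post: it reports whether a given cipher suite is enabled, supported but disabled, or unsupported, and whether the limited or unlimited crypto policy is active. The class name `CipherSuiteCheck` is hypothetical, and the default suite is the JSSE name for the NSS name passed to `curl --cipher` in the question; an HTTP client library may narrow the JVM's list further.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class CipherSuiteCheck {

    // Classify one suite against what this JVM supports and what it offers by default.
    static String classify(String suite, Set<String> enabled, Set<String> supported) {
        if (enabled.contains(suite)) return "ENABLED";
        if (supported.contains(suite)) return "SUPPORTED_BUT_DISABLED";
        return "UNSUPPORTED";
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Suites to look for; the default is the JSSE name of the suite that worked with curl.
        String[] wanted = args.length > 0 ? args
                : new String[] {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"};

        SSLContext ctx = SSLContext.getDefault();
        SSLParameters def = ctx.getDefaultSSLParameters();
        Set<String> enabled = new LinkedHashSet<>(Arrays.asList(def.getCipherSuites()));
        Set<String> supported = new LinkedHashSet<>(
                Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));

        System.out.println("java.version      = " + System.getProperty("java.version"));
        System.out.println("default protocols = " + Arrays.toString(def.getProtocols()));

        // 128 means the limited crypto policy is active; Integer.MAX_VALUE means unlimited.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key bits  = "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : String.valueOf(maxAes)));

        for (String suite : wanted) {
            System.out.println(classify(suite, enabled, supported) + "  " + suite);
        }

        // The suites this JVM puts in its ClientHello unless the client code overrides them.
        System.out.println("enabled by default (" + enabled.size() + " suites):");
        for (String suite : enabled) {
            System.out.println("  " + suite);
        }
    }
}
```

Run it with the same JRE the application uses, before and after changing the policy files, and compare the output with the suites the server accepts.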
