堆栈内存溢出
  简体   繁体   English

Java 8 RECV TLSv1.2 警报:致命,握手失败

[英]Java 8 RECV TLSv1.2 ALERT: fatal, handshake_failure

 原文  2017-09-06 17:46:44       java/ ssl/ alert/ handshake

问题描述

I have exhausted my capabilities researching and experimenting to solve this problem.我已经用尽了我的能力来研究和试验来解决这个问题。 I've tried Trust Managers, ssl socket factories, hostName verifiers, scheme registry, ssl context modifications, etc.我尝试过信任管理器、ssl 套接字工厂、主机名验证器、方案注册表、ssl 上下文修改等。

Can someone please help me?有人可以帮帮我吗?

The program is:该计划是:

import java.io.BufferedReader ;
import java.io.InputStreamReader ;
import java.io.Reader ;
import java.net.URL ;
import java.net.URLConnection ;
import java.security.cert.X509Certificate ;

import javax.net.ssl.HostnameVerifier ;
import javax.net.ssl.HttpsURLConnection ;
import javax.net.ssl.SSLContext ;
import javax.net.ssl.SSLSession ;
import javax.net.ssl.TrustManager ;
import javax.net.ssl.X509TrustManager ;


public class
      TestSSL {

   public static void
   main(String[] args)
      throws Exception {

// Create a trust manager that does not validate certificate chains
      TrustManager[] trustAllCerts = new TrustManager[]
            { new X509TrustManager() {
            public java.security.cert.X509Certificate[]
            getAcceptedIssuers() {
               return null ;
            }


            public void
            checkClientTrusted(X509Certificate[] certs, String authType) {
            }


            public void
            checkServerTrusted(X509Certificate[] certs, String authType) {
            }
         } } ;

// Install the all-trusting trust manager
      final SSLContext sc = SSLContext.getInstance("SSL") ;
      sc.init(null, trustAllCerts, new java.security.SecureRandom()) ;

      HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()) ;

// Create all-trusting host name verifier
      HostnameVerifier allHostsValid = new HostnameVerifier() {
         public boolean
         verify(String hostname, SSLSession session) {
            return true ;
         }
      } ;

// Install the all-trusting host verifier
      HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid) ;

// set target URL

////////////////////////////////////////////////////////////////////////////////////////////
      URL url = new URL("https://sourceforge.net/projects/taggersharp/") ; // THIS FAILS
// URL url = new URL("https://www.google.com");  //THIS WORKS
////////////////////////////////////////////////////////////////////////////////////////////

// process the URL
      URLConnection con = url.openConnection() ;

      final Reader reader = new InputStreamReader(con.getInputStream()) ;
      final BufferedReader br = new BufferedReader(reader) ;
      String line = "" ;
      while ((line = br.readLine()) != null) {
         System.out.println(line) ;
      }
      br.close() ;

   } // End of main

} // End of the class //

I compile and run it with the following options and results:我使用以下选项和结果编译并运行它:

C:\$\VersionsTEST>"C:\Program Files\Java\jre1.8.0_141\bin\java.exe"  -Djavax.net.debug=ssl -Djava.security.properties=security.props -Dhttps.protocols=TLSv1.1,TLSv1,TLSv1.2 -Djavax.net.debug=all -Djavax.net.debug=all TestSSL
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=host_name (0), value=sourceforge.net) was replaced with (type=host_name (0), value=sourceforge.net)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1487939520 bytes = { 108, 232, 206, 41, 154, 180, 117, 47, 215, 3, 103, 236, 131, 140, 254, 113, 53, 30, 15, 54, 153, 237, 200, 209, 239, 85, 46, 190 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=sourceforge.net]
***
[write] MD5 and SHA1 hashes:  len = 169
0000: 01 00 00 A5 03 03 59 B0   28 C0 6C E8 CE 29 9A B4  ......Y.(.l..)..
0010: 75 2F D7 03 67 EC 83 8C   FE 71 35 1E 0F 36 99 ED  u/..g....q5..6..
0020: C8 D1 EF 55 2E BE 00 00   2A C0 23 C0 27 00 3C C0  ...U....*.#.'.<.
0030: 25 C0 29 C0 09 C0 13 00   2F C0 04 C0 0E C0 2B C0  %.)...../.....+.
0040: 2F 00 9C C0 2D C0 31 C0   08 C0 12 00 0A C0 03 C0  /...-.1.........
0050: 0D 00 FF 01 00 00 52 00   0A 00 16 00 14 00 17 00  ......R.........
0060: 18 00 19 00 09 00 0A 00   0B 00 0C 00 0D 00 0E 00  ................
0070: 16 00 0B 00 02 01 00 00   0D 00 16 00 14 06 03 06  ................
0080: 01 05 03 05 01 04 03 04   01 04 02 02 03 02 01 02  ................
0090: 02 00 00 00 14 00 12 00   00 0F 73 6F 75 72 63 65  ..........source
00A0: 66 6F 72 67 65 2E 6E 65   74                       forge.net
main, WRITE: TLSv1.2 Handshake, length = 169
[Raw write]: length = 174
0000: 16 03 03 00 A9 01 00 00   A5 03 03 59 B0 28 C0 6C  ...........Y.(.l
0010: E8 CE 29 9A B4 75 2F D7   03 67 EC 83 8C FE 71 35  ..)..u/..g....q5
0020: 1E 0F 36 99 ED C8 D1 EF   55 2E BE 00 00 2A C0 23  ..6.....U....*.#
0030: C0 27 00 3C C0 25 C0 29   C0 09 C0 13 00 2F C0 04  .'.<.%.)...../..
0040: C0 0E C0 2B C0 2F 00 9C   C0 2D C0 31 C0 08 C0 12  ...+./...-.1....
0050: 00 0A C0 03 C0 0D 00 FF   01 00 00 52 00 0A 00 16  ...........R....
0060: 00 14 00 17 00 18 00 19   00 09 00 0A 00 0B 00 0C  ................
0070: 00 0D 00 0E 00 16 00 0B   00 02 01 00 00 0D 00 16  ................
0080: 00 14 06 03 06 01 05 03   05 01 04 03 04 01 04 02  ................
0090: 02 03 02 01 02 02 00 00   00 14 00 12 00 00 0F 73  ...............s
00A0: 6F 75 72 63 65 66 6F 72   67 65 2E 6E 65 74        ourceforge.net
[Raw read]: length = 5
0000: 15 03 03 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=host_name (0), value=sourceforge.net) was replaced with (type=host_name (0), value=sourceforge.net)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1487939569 bytes = { 112, 166, 46, 83, 81, 37, 183, 87, 66, 77, 244, 18, 174, 101, 138, 145, 155, 105, 62, 195, 70, 55, 37, 194, 127, 138, 118, 101 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=sourceforge.net]
***
[write] MD5 and SHA1 hashes:  len = 169
0000: 01 00 00 A5 03 03 59 B0   28 F1 70 A6 2E 53 51 25  ......Y.(.p..SQ%
0010: B7 57 42 4D F4 12 AE 65   8A 91 9B 69 3E C3 46 37  .WBM...e...i>.F7
0020: 25 C2 7F 8A 76 65 00 00   2A C0 23 C0 27 00 3C C0  %...ve..*.#.'.<.
0030: 25 C0 29 C0 09 C0 13 00   2F C0 04 C0 0E C0 2B C0  %.)...../.....+.
0040: 2F 00 9C C0 2D C0 31 C0   08 C0 12 00 0A C0 03 C0  /...-.1.........
0050: 0D 00 FF 01 00 00 52 00   0A 00 16 00 14 00 17 00  ......R.........
0060: 18 00 19 00 09 00 0A 00   0B 00 0C 00 0D 00 0E 00  ................
0070: 16 00 0B 00 02 01 00 00   0D 00 16 00 14 06 03 06  ................
0080: 01 05 03 05 01 04 03 04   01 04 02 02 03 02 01 02  ................
0090: 02 00 00 00 14 00 12 00   00 0F 73 6F 75 72 63 65  ..........source
00A0: 66 6F 72 67 65 2E 6E 65   74                       forge.net
main, WRITE: TLSv1.2 Handshake, length = 169
[Raw write]: length = 174
0000: 16 03 03 00 A9 01 00 00   A5 03 03 59 B0 28 F1 70  ...........Y.(.p
0010: A6 2E 53 51 25 B7 57 42   4D F4 12 AE 65 8A 91 9B  ..SQ%.WBM...e...
0020: 69 3E C3 46 37 25 C2 7F   8A 76 65 00 00 2A C0 23  i>.F7%...ve..*.#
0030: C0 27 00 3C C0 25 C0 29   C0 09 C0 13 00 2F C0 04  .'.<.%.)...../..
0040: C0 0E C0 2B C0 2F 00 9C   C0 2D C0 31 C0 08 C0 12  ...+./...-.1....
0050: 00 0A C0 03 C0 0D 00 FF   01 00 00 52 00 0A 00 16  ...........R....
0060: 00 14 00 17 00 18 00 19   00 09 00 0A 00 0B 00 0C  ................
0070: 00 0D 00 0E 00 16 00 0B   00 02 01 00 00 0D 00 16  ................
0080: 00 14 06 03 06 01 05 03   05 01 04 03 04 01 04 02  ................
0090: 02 03 02 01 02 02 00 00   00 14 00 12 00 00 0F 73  ...............s
00A0: 6F 75 72 63 65 66 6F 72   67 65 2E 6E 65 74        ourceforge.net
[Raw read]: length = 5
0000: 15 03 03 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
        at TestSSL.main(TestSSL.java:66)

3 个解决方案

解决方案1
 13  2017-09-06 18:26:07

If you check the ciphers offered by sourceforge.net as analyzed by SSLLabs you will see that the site only support ciphers with AES256.如果您检查SSLLabs 分析的 sourceforge.net 提供的密码,您将看到该站点仅支持使用 AES256 的密码。 If you then look at the ciphers offered by your Java application you will see that there are only AES128 and 3DES ciphers:如果您随后查看 Java 应用程序提供的密码,您将看到只有 AES128 和 3DES 密码:

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

This means none of the ciphers offers by your client is accepted by the server which will cause a handshake failure.这意味着您的客户端提供的任何密码都不会被服务器接受,这将导致握手失败。 It might be that you need to enable the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy to support the AES256 ciphers.您可能需要启用Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy以支持 AES256 密码。

解决方案2
 5  2017-09-07 14:08:30

The answer above is correct, of course.当然,上面的答案是正确的。 I mistakenly added the "UnlimitedJCEPolicyJDK8" files to the JRE and SDK \\lib directory, not the \\lib\\security directory.我错误地将“UnlimitedJCEPolicyJDK8”文件添加到了 JRE 和 SDK \\lib 目录,而不是 \\lib\\security目录。 I've repaired the mistake, and all is well.我已经修复了错误,一切都很好。

Thanks to all.谢谢大家。

Paul保罗

解决方案3
 4  2020-09-15 10:49:53

If you are using Java 8, please update to the latest version java 1.8.0_261 at least.如果您使用的是 Java 8,请至少更新到最新版本的 java 1.8.0_261。 Problem will be solved.问题将得到解决。 I had this and did that.我有这个并做了那个。 Java 8 versions less than java 1.8.0_161 does not have this.低于 java 1.8.0_161 的 Java 8 版本没有这个。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java 7:发送TLSv1.2警报:致命,描述= handshake_failure ule子 - Java 7: SEND TLSv1.2 ALERT: fatal, description = handshake_failure mule 带有Java 7和Wildlfy 8的TLSv1.2-handshake_failure - TLSv1.2 with Java 7 and Wildlfy 8 - handshake_failure Android TLSv1.2 handshake_failure - Android TLSv1.2 handshake_failure Thread-6,RECV TLSv1 ALERT:致命,handshake_failure - Thread-6, RECV TLSv1 ALERT: fatal, handshake_failure TLSv1.2 PC =&gt; Android 5.0.2 handshake_failure - TLSv1.2 PC => Android 5.0.2 handshake_failure 带有TLSv1.2的Java 7连接到LDAPS握手失败 - Java 7 with TLSv1.2 connect to LDAPS handshake failure Java8,HttpClient,收到“收到致命警报:handshake_failure” - Java8, HttpClient, receiving “Received fatal alert: handshake_failure” SSLHandshakeException:在 Java 6 -&gt; 8 升级后收到致命警报:handshake_failure - SSLHandshakeException: Received fatal alert: handshake_failure after Java 6 -> 8 upgrade Java 1.8:TLSv1.2 ClientHello握手失败(缺少椭圆曲线扩展?) - Java 1.8: TLSv1.2 ClientHello handshake failure (missing elliptical curve extensions?) 收到致命警报:handshake_failure - Received fatal alert: handshake_failure
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM