Java SSL connection reset on Linux, Windows works fine

We're trying to connect to a .NET-based webservice with Apache Camel over HTTPS. The calls run fine under Windows, but Linux-based machines are served a connection reset by the remote webservice during the SSL handshake phase. Calling the URLs from cURL or Postman under Linux is no problem, so the problem seems related to the JVM.

We've tested this with SSL trace logging enabled and both machines seem to negotiate exactly the same cipher suite and such, so we're clueless as to why the connection is being reset. We haven't got access to the remote webservice's logging, so I'm actually not sure how to continue debugging this issue...

I've truncated the SSL trace logging for both platforms and included it below. Is there anything we've missed in there, or is there any more we can do to debug this issue without the remote logging?

Linux SSL trace logging:

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1509952410 bytes = ...truncated...
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=...truncated...]
***
http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 230
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 91
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 720603056 bytes = ...truncated...
Session ID:  ...truncated...
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension server_name, server_name: 
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 3959
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: ...truncated...
  Signature Algorithm: SHA256withRSA, OID = ...truncated...

  Key:  Sun RSA public key, 2048 bits
  modulus: ...truncated...
  public exponent: ...truncated...
  Validity: [...truncated...]
  Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE
  SerialNumber: [    ...truncated...]

Certificate Extensions: 10
[1]: ObjectId: ...truncated... Criticality=false
Extension unknown: DER encoded OCTET string =
...truncated...


[2]: ObjectId: ...truncated... Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g3r3
]
]

[3]: ObjectId: ...truncated... Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

[4]: ObjectId: ...truncated... Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: ...truncated... Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl]
]]

[6]: ObjectId: ...truncated... Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [...truncated...]
[PolicyQualifierInfo: [
  qualifierID: ...truncated...
  qualifier: ...truncated...

]]  ]
  [CertificatePolicyId: [...truncated...]
[]  ]
]

[7]: ObjectId: ...truncated... Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: ...truncated... Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[9]: ObjectId: ...truncated... Criticality=false
SubjectAlternativeName [
  DNSName: ...truncated...
  DNSName: ...truncated...
  DNSName: ...truncated...
]

[10]: ObjectId: ...truncated... Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
...truncated...

]
chain [1] = [
[
  Version: V3
  Subject: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE
  Signature Algorithm: SHA256withRSA, OID = ...truncated...

  Key:  Sun RSA public key, 2048 bits
  modulus: ...truncated...
  public exponent: ...truncated...
  Validity: [...truncated...]
  Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  SerialNumber: [    ...truncated...]

Certificate Extensions: 7
[1]: ObjectId: ...truncated... Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp2.globalsign.com/rootr3
]
]

[2]: ObjectId: ...truncated... Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

[3]: ObjectId: ...truncated... Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: ...truncated... Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/root-r3.crl]
]]

[5]: ObjectId: ...truncated... Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [...truncated...]
[PolicyQualifierInfo: [
  qualifierID: ...truncated...
  qualifier: ...truncated...

]]  ]
]

[6]: ObjectId: ...truncated... Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: ...truncated... Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
...truncated...

]
chain [2] = [
[
  Version: V3
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  Signature Algorithm: SHA256withRSA, OID = ...truncated...

  Key:  Sun RSA public key, 2048 bits
  modulus: ...truncated...
  public exponent: ...truncated...
  Validity: [...truncated...]
  Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  SerialNumber: [    ...truncated...]

Certificate Extensions: 3
[1]: ObjectId: ...truncated... Criticality=true
BasicConstraints:[
...truncated...
]

[2]: ObjectId: ...truncated... Criticality=true
KeyUsage [
...truncated...
]

[3]: ObjectId: ...truncated... Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature: ...truncated...

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  Signature Algorithm: SHA256withRSA, OID = ...truncated

  Key:  Sun RSA public key, 2048 bits
  modulus: ...truncated...
  public exponent: ...truncated...
  Validity: [...truncated...]
  Issuer: ...truncated...
  SerialNumber: [    ...truncated...]

Certificate Extensions: 3
[1]: ObjectId: ...truncated... Criticality=true
BasicConstraints:[
  CA:true
  PathLen:...truncated...
]

[2]: ObjectId: ...truncated... Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
...truncated...
]
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 333
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
  public x coord: ...truncated...
  public y coord: ...truncated...
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value:  ...truncated...
http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 70
SESSION KEYGEN:
PreMaster Secret:
...truncated...
CONNECTION KEYGEN:
Client Nonce:
...truncated...
Server Nonce:
...truncated...
Master Secret:
...truncated...
... no MAC keys used for this cipher
Client write key:
...truncated...
Server write key:
...truncated
Client write IV:
...truncated...
Server write IV:
...truncated....
http-nio-8080-exec-7, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
...truncated...
***
http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 40
http-nio-8080-exec-7, READ: TLSv1.2 Change Cipher Spec, length = 1
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 40
*** Finished
...truncated...
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
http-nio-8080-exec-7, WRITE: TLSv1.2 Application Data, length = 2370
http-nio-8080-exec-7, handling exception: java.net.SocketException: Connection reset
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
http-nio-8080-exec-7, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message
http-nio-8080-exec-7, WRITE: TLSv1.2 Alert, length = 26
http-nio-8080-exec-7, Exception sending alert: java.net.SocketException: Broken pipe (Write failed)
http-nio-8080-exec-7, called closeSocket()
http-nio-8080-exec-7, called close()
http-nio-8080-exec-7, called closeInternal(true)

Windows SSL trace logging:

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1509957147 bytes = ...truncated...
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [type=host_name (0), value=...truncated...]
***
http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 258
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 91
*** ServerHello, TLSv1.2
RandomCookie:  GMT: -607016418 bytes = ...truncated...
Session ID:  ...truncated...
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension server_name, server_name: 
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 3959
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: ...truncated...
  Signature Algorithm: SHA256withRSA, OID = ...truncated...

  Key:  Sun RSA public key, 2048 bits
  modulus: ...truncated...
  public exponent: ...truncated...
  Validity: [...truncated...]
  Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE
  SerialNumber: [    ...truncated...]

Certificate Extensions: 10
[1]: ObjectId: ...truncated... Criticality=false
Extension unknown: DER encoded OCTET string =
...truncated...


[2]: ObjectId: ...truncated... Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g3r3
]
]

[3]: ObjectId: ...truncated... Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

[4]: ObjectId: ...truncated... Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: ...truncated... Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl]
]]

[6]: ObjectId: ...truncated... Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [...truncated...]
[PolicyQualifierInfo: [
  qualifierID: ...truncated...
  qualifier: ...truncated...

]]  ]
  [CertificatePolicyId: [...truncated...]
[]  ]
]

[7]: ObjectId: ...truncated... Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: ...truncated... Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[9]: ObjectId: ...truncated... Criticality=false
SubjectAlternativeName [
  DNSName: ...truncated...
  DNSName: ...truncated...
  DNSName: ...truncated...
]

[10]: ObjectId: ...truncated... Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
...truncated...

]
chain [1] = [
[
  Version: V3
  Subject: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE
  Signature Algorithm: SHA256withRSA, OID = ...truncated...

  Key:  Sun RSA public key, 2048 bits
  modulus: ...truncated...
  public exponent: ...truncated...
  Validity: [...truncated...]
  Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  SerialNumber: [    ...truncated...]

Certificate Extensions: 7
[1]: ObjectId: ...truncated... Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp2.globalsign.com/rootr3
]
]

[2]: ObjectId: ...truncated... Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

[3]: ObjectId: ...truncated... Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: ...truncated... Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/root-r3.crl]
]]

[5]: ObjectId: ...truncated... Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [...truncated...]
[PolicyQualifierInfo: [
  qualifierID: ...truncated...
  qualifier: ...truncated...

]]  ]
]

[6]: ObjectId: ...truncated... Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: ...truncated... Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
...truncated...

]
chain [2] = [
[
  Version: V3
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  Signature Algorithm: SHA256withRSA, OID = ...truncated...

  Key:  Sun RSA public key, 2048 bits
  modulus: ...truncated...
  public exponent: ...truncated...
  Validity: [...truncated...]
  Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  SerialNumber: [    ...truncated...]

Certificate Extensions: 3
[1]: ObjectId: ...truncated... Criticality=true
BasicConstraints:[
...truncated...
]

[2]: ObjectId: ...truncated... Criticality=true
KeyUsage [
...truncated...
]

[3]: ObjectId: ...truncated... Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature: ...truncated...

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  Signature Algorithm: SHA256withRSA, OID = ...truncated

  Key:  Sun RSA public key, 2048 bits
  modulus: ...truncated...
  public exponent: ...truncated...
  Validity: [...truncated...]
  Issuer: ...truncated...
  SerialNumber: [    ...truncated...]

Certificate Extensions: 3
[1]: ObjectId: ...truncated... Criticality=true
BasicConstraints:[
  CA:true
  PathLen:...truncated...
]

[2]: ObjectId: ...truncated... Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
...truncated...
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
...truncated...
]
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 333
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
  public x coord: ...truncated...
  public y coord: ...truncated...
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 144, 81, 42, 27, 249, 12, 198, 167, 196, 189, 75, 11, 160, 39, 39, 10, 147, 244, 224, 161, 27, 200, 75, 153, 157, 161, 124, 97, 202, 134, 160, 96, 188, 86, 81, 42, 150, 115, 66, 254, 51, 50, 149, 2, 63, 191, 181, 70, 178, 233, 233, 207, 214, 235, 200, 52, 51, 47, 139, 211, 246, 147, 2, 250 }
http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 70
SESSION KEYGEN:
PreMaster Secret:
...truncated...
CONNECTION KEYGEN:
Client Nonce:
...truncated...
Server Nonce:
...truncated...
Master Secret:
...truncated...
0020: 5B 12 25 BC 53 8B 7C B8   D3 35 60 56 EE D8 8C E4  [.%.S....5`V....
... no MAC keys used for this cipher
Client write key:
...truncated...
Server write key:
...truncated...
Client write IV:
...truncated...
Server write IV:
...truncated...
http-nio-8080-exec-10, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: ...truncated...
***
http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 40
http-nio-8080-exec-10, READ: TLSv1.2 Change Cipher Spec, length = 1
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 40
*** Finished
verify_data: ...truncated...
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
http-nio-8080-exec-10, WRITE: TLSv1.2 Application Data, length = 2348
http-nio-8080-exec-10, READ: TLSv1.2 Application Data, length = 1123

We've actually found the issue with help from the remote logging: on the Linux machine, the URL that was requested included a port number (i.e. https://remote:443), whereas on the Windows machine the URL was defined without the port (i.e. https://remote). After removing the port from the Linux configuration, everything runs fine.

AFAIK the port number should not be part of certificate validation, but the remote webservice seems to include it anyway. Anyhow, our problem is solved.
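
An added example, not part of the original post: a Python script that reads `javax.net.debug` traces like the two above, reports whether the first exception came before or after application data started flowing, and diffs the ClientHello extensions. The embedded traces are constructed, abbreviated excerpts modelled on the post's logs, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated excerpts modelled on the two traces in the post.
LINUX_TRACE = """\
*** ClientHello, TLSv1.2
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA256withRSA, SHA256withDSA
***
http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 230
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 91
*** ServerHello, TLSv1.2
http-nio-8080-exec-7, WRITE: TLSv1.2 Change Cipher Spec, length = 1
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 40
http-nio-8080-exec-7, WRITE: TLSv1.2 Application Data, length = 2370
http-nio-8080-exec-7, handling exception: java.net.SocketException: Connection reset
"""
WINDOWS_TRACE = """\
*** ClientHello, TLSv1.2
Extension elliptic_curves, curve names: {secp256r1, sect163k1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA256withRSA, MD5withRSA
***
http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 258
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 91
*** ServerHello, TLSv1.2
http-nio-8080-exec-10, WRITE: TLSv1.2 Change Cipher Spec, length = 1
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 40
http-nio-8080-exec-10, WRITE: TLSv1.2 Application Data, length = 2348
http-nio-8080-exec-10, READ: TLSv1.2 Application Data, length = 1123
"""

RECORD = re.compile(r"^[^,]+, (READ|WRITE): \S+ (.+), length = (\d+)$")
EXTENSION = re.compile(r"^Extension (\w+), [^:]+: (.*)$")

def records(trace):
    """Return (direction, content_type, length) for every TLS record line."""
    return [(m[1], m[2], int(m[3]))
            for m in map(RECORD.match, trace.splitlines()) if m]

def failure_phase(trace):
    """Locate the first exception relative to the records seen before it."""
    lines = trace.splitlines()
    idx = next((i for i, l in enumerate(lines) if "handling exception:" in l), None)
    if idx is None:
        return None  # no exception logged in this trace
    seen = records("\n".join(lines[:idx]))
    # Application Data is only sent once both Finished messages were exchanged.
    in_app = any(kind == "Application Data" for _, kind, _ in seen)
    phase = "application data" if in_app else "handshake"
    return phase, (seen[-1] if seen else None), lines[idx].split("handling exception: ")[1]

def client_hello_extensions(trace):
    """Map each ClientHello extension name to the set of values offered."""
    hello = trace.split("*** ServerHello")[0]
    out = {}
    for m in filter(None, map(EXTENSION.match, hello.splitlines())):
        values = m[2].strip("{}[]").split(",")
        out[m[1]] = {v.strip() for v in values if v.strip()}
    return out

def diff_extensions(a, b):
    """Return {extension: (only_in_a, only_in_b)} for extensions that differ."""
    ea, eb = client_hello_extensions(a), client_hello_extensions(b)
    return {name: (sorted(ea.get(name, set()) - eb.get(name, set())),
                   sorted(eb.get(name, set()) - ea.get(name, set())))
            for name in sorted(ea.keys() | eb.keys())
            if ea.get(name) != eb.get(name)}

if __name__ == "__main__":
    print(failure_phase(LINUX_TRACE))
    print(diff_extensions(LINUX_TRACE, WINDOWS_TRACE))
```

In the Linux trace the reset follows the first Application Data write, after both Finished messages, so the TLS handshake itself had already completed. The ClientHello differences (curve list, signature algorithms) are JVM-side and did not change the negotiated suite, which is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 in both traces.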
