[英]Java client receives “connection reset” during SSL handshake with IIS server via F5 BIG-IP load balancer
We currently cannot find an approach to use Java code to connect to an IIS server (configured as mutual authentication) via a F5 BIG-IP load balancer , we have tried different Java versions and code, they all generated the same error. 当前,我们找不到使用Java代码通过F5 BIG-IP负载均衡器连接到IIS服务器(配置为相互身份验证)的方法,我们尝试了不同的Java版本和代码,它们均产生了相同的错误。
Here is what we have set up: 这是我们设置的:
Here is what we have tried: 这是我们尝试过的:
Here is the SSL log (last few lines) recorded when connecting Java client through the F5 load balancer, 这是通过F5负载平衡器连接Java客户端时记录的SSL日志(最后几行),
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 73, 224, 69, 18, 151, 153, 193, 139, 98, 147, 188, 146 }
***
update handshake state: finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
main, WRITE: TLSv1 Handshake, length = 16
Padded plaintext before ENCRYPTION: len = 48
0000: 14 00 00 0C 49 E0 45 12 97 99 C1 8B 62 93 BC 92 ....I.E.....b...
0010: 1D FC E6 70 EB 17 5C D7 CD 9A 3A A5 9D 48 55 59 ...p..\...:..HUY
0020: 62 FB F0 0E 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B b...............
[Raw write]: length = 53
0000: 16 03 01 00 30 27 77 7E 52 F6 3F 4D DB 5D 30 C0 ....0'w.R.?M.]0.
0010: 61 A4 A6 4A 9A 93 75 40 59 37 DB E3 8D DC C3 DC a..J..u@Y7......
0020: AB 1A 31 57 6A 98 6D 45 D7 43 04 2A A8 DE 7E D5 ..1Wj.mE.C.*....
0030: AF E9 D5 5A 5E ...Z^
main, handling exception: java.net.SocketException: Connection reset
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
Padded plaintext before ENCRYPTION: len = 32
0000: 02 0A 1A 14 26 47 FC 57 B2 86 75 FC 32 13 76 07 ....&G.W..u.2.v.
0010: 9E DD 02 D6 29 73 09 09 09 09 09 09 09 09 09 09 ....)s..........
main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
main, called closeSocket()
Process finished with exit code 0
Tried Java code 1 尝试过Java代码1
SocketFactory factory = SSLSocketFactory.getDefault();
String hostname = "test-efi.in.abcdefg.com";
int port = 443;
SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port);
socket.startHandshake();
Tried Java code 2 尝试过Java代码2
URL url = new URL("https://test-efi.in.abcdefg.com/InterfaceTest/api/FORM/CheckStatus?ID=123456");
conn = (HttpsURLConnection) url.openConnection();
conn.setDoInput(true);
conn.setDoOutput(true);
conn.setRequestMethod("GET");
if (conn.getResponseCode() != 200) {
throw new RuntimeException("Failed : HTTP error code : " + conn.getResponseCode());
}
My question is, given that the C# client, Postman, "openssl -s_client" command, "curl" command and browsers are all working correctly, can you please advise if there is a way to get this Java code working? 我的问题是,鉴于C#客户端,邮递员,“ openssl -s_client”命令,“ curl”命令和浏览器都正常运行,请问是否有办法使此Java代码正常工作? Thanks. 谢谢。
Try another Java version. 尝试另一个Java版本。 I had similar problem and the same error. 我有类似的问题和相同的错误。 Everything worked well on machine with java 1.8.0_161 but didn't work on machine with Java 1.8.0_171. 一切在使用Java 1.8.0_161的计算机上都运行良好,但在使用Java 1.8.0_171的计算机上无法正常运行。 So, I reinstalled java on bad machine (downgraded it) and it started working well. 因此,我在坏机器上重新安装了Java(降级了它),它开始正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.