
Tomcat 7 Web App gets SSL handshake_failure, desktop application doesn't

Hey everyone, my web app is having problems with HTTPS connections, resulting in handshake_failure.

In order to troubleshoot it, I wrote a simple desktop application with the same parameters used inside the web app.

This is the source code of the desktop app:

import java.io.IOException;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

public class Main {
    private final static String helperMsg = "java -jar SSLTest.jar url";

    public static void main(String[] args) {
        // Restrict the client to TLSv1.2/TLSv1.1 (JDK 7 defaults to TLSv1 for HttpsURLConnection)
        System.setProperty("https.protocols", "TLSv1.2,TLSv1.1");

        if(args.length < 1){
            System.out.println("Insufficient arguments: " + args.length);
            System.out.println(helperMsg);
            return;
        }
        String httpsTarget = args[0];
        URL url;
        try {
            url = new URL(httpsTarget);
            HttpsURLConnection connection = (HttpsURLConnection)url.openConnection();
            if(connection == null)
                throw new IOException("Connection null");

            // SSLSocketFactoryEx is the custom factory from the linked post (not shown here)
            SSLSocketFactoryEx factory = new SSLSocketFactoryEx(null,null,null);
            connection.setSSLSocketFactory(factory);

            connection.setRequestMethod("GET");
            connection.connect();
            System.out.println(connection.getResponseCode() + ": " + connection.getResponseMessage());
        } catch (Exception e) {
            System.out.println("Exception: " + e.getMessage());
        }
    }
}

Where SSLSocketFactoryEx is from this post.

After packaging this simple app to an executable JAR file and installing the required certificates to my trust store, my launch command is the following:

java -Djavax.net.ssl.trustStore=<trustStoreFile> -Djavax.net.debug=all -jar SSLTest.jar <httpsURL>

Inside the web application, the HTTPS connection commands are exactly the same, but while the desktop app successfully gets an HTTP response, the web app is stuck on the handshake_failure, just like the desktop application was when I didn't specify TLSv1.2 or TLSv1.1 as default via the System.setProperty("https.protocols", "TLSv1.2,TLSv1.1") instruction and wasn't using SSLSocketFactoryEx as the custom SSLSocketFactory for HttpsURLConnection.

That's why I'm blaming the Tomcat configuration, but I can't understand what is wrong with it.

My Tomcat Java options already include the following VM arguments:

-Djavax.net.ssl.trustStore=<trustStoreFile>
-Dhttps.protocols=TLSv1.2,TLSv1.1
-Djavax.net.debug=all

and my server.xml contains the following fields:

<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
        keystoreFile=<keyStoreFile> keystorePass=<keyStorePW>
        truststoreFile=<trustStoreFile> truststorePass=<trustStorePW>
        sslEnabledProtocols="TLSv1.2,TLSv1.1"
        redirectPort="8443" />

I also tried setting the keystoreFile, keystorePass, truststoreFile and truststorePass properties, alongside the protocols one, from code in the web app, with no result at all; I still get handshake_failure.

I'm using Tomcat 7.0.59 and jdk1.7.0_80 and I'm unable to update anything.

Thanks for your efforts.

-- EDIT --

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
http-apr-80-exec-47, called close()
http-apr-80-exec-47, called closeInternal(true)
http-apr-80-exec-47, called closeSocket(selfInitiated)
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_NULL_SHA
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_NULL_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_NULL_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_NULL_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
DOPO CHIAMATA 3
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1531997568 bytes = { 145, 51, 114, 234, 178, 6, 227, 30, 223, 175, 233, 64, 136, 117, 68, 227, 252, 207, 144, 188, 113, 85, 202, 197, 214, 163, 225, 65 }
Session ID:  {}
Cipher Suites: [TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: <hostname>]
***
[write] MD5 and SHA1 hashes:  len = 140
0000: 01 00 00 88 03 03 5B 50   6E 80 91 33 72 EA B2 06  ......[Pn..3r...
0010: E3 1E DF AF E9 40 88 75   44 E3 FC CF 90 BC 71 55  .....@.uD.....qU
0020: CA C5 D6 A3 E1 41 00 00   10 00 6A 00 33 00 32 00  .....A....j.3.2.
0030: 3D 00 35 00 3C 00 2F 00   FF 01 00 00 4F 00 0D 00  =.5.<./.....O...
0040: 1A 00 18 06 03 06 01 05   03 05 01 04 03 04 01 03  ................
0050: 03 03 01 02 03 02 01 02   02 01 01 00 00 00 2D 00  ..............-.
0060: 2B 00 00 28 63 6F 6C 6C   70 72 6F 78 79 6F 75 74  +..(XXXXXXXXXXX
0070: 2E 77 68 6F 6C 65 73 61   6C 65 2E 74 65 6C 65 63  XXXXXXXXXXXXXXX
0080: 6F 6D 69 74 61 6C 69 61   2E 63 6F 6D              XXXXXXXXXXXX
http-apr-80-exec-47, WRITE: TLSv1.2 Handshake, length = 140
[Raw write]: length = 145
0000: 16 03 03 00 8C 01 00 00   88 03 03 5B 50 6E 80 91  ...........[Pn..
0010: 33 72 EA B2 06 E3 1E DF   AF E9 40 88 75 44 E3 FC  3r........@.uD..
0020: CF 90 BC 71 55 CA C5 D6   A3 E1 41 00 00 10 00 6A  ...qU.....A....j
0030: 00 33 00 32 00 3D 00 35   00 3C 00 2F 00 FF 01 00  .3.2.=.5.<./....
0040: 00 4F 00 0D 00 1A 00 18   06 03 06 01 05 03 05 01  .O..............
0050: 04 03 04 01 03 03 03 01   02 03 02 01 02 02 01 01  ................
0060: 00 00 00 2D 00 2B 00 00   28 63 6F 6C 6C 70 72 6F  ...-.+..(XXXXXX
0070: 78 79 6F 75 74 2E 77 68   6F 6C 65 73 61 6C 65 2E  XXXXXXXXXXXXXXX
0080: 74 65 6C 65 63 6F 6D 69   74 61 6C 69 61 2E 63 6F  XXXXXXXXXXXXXXX
0090: 6D                                                 XXXXX
[Raw read]: length = 5
0000: 15 03 03 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
http-apr-80-exec-47, READ: TLSv1.2 Alert, length = 2
http-apr-80-exec-47, RECV TLSv1 ALERT:  fatal, handshake_failure
http-apr-80-exec-47, called closeSocket()
http-apr-80-exec-47, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Received fatal alert: handshake_failure
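The trace above already contains the whole diagnosis once its bytes are decoded: every ECDH* suite was logged as "unavailable" before the hello was built, so the ClientHello offers only eight suites (DHE and plain RSA plus the renegotiation SCSV), and the server's entire reply is the 7-byte record 15 03 03 00 02 02 28, an alert (0x15) of level 2 (fatal) with description 40 (handshake_failure). The script below is an added example, not code from the original post, from Tomcat or from JSSE. It serializes a ClientHello with exactly the log's suite list and signature_algorithms extension, parses it back, and replays a server-preference suite selection against a hypothetical server that accepts only ECDHE suites (an assumption, not something the post states), which produces the same alert. The SNI hostname "example.com" and the client random are placeholders; fed a 40-character hostname the builder reproduces the 145-byte record length the log reports.

```python
"""Decode the records of a -Djavax.net.debug=all trace and replay the server's
suite choice.  Added example, not code from the original post or from JSSE.
Constructed input: suite list and signature_algorithms as in the log; SNI
hostname and the server's suite list are placeholders/assumptions."""
import struct

# IANA code points for the eight suites in the log's ClientHello plus three
# ECDHE suites used for the hypothetical server below.
SUITE_NAMES = {
    0x006A: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
}
LOG_SUITES = [0x006A, 0x0033, 0x0032, 0x003D, 0x0035, 0x003C, 0x002F, 0x00FF]
SERVER_SUITES = [0xC02F, 0xC014, 0xC013]   # assumed ECDHE-only server policy
# signature_algorithms (hash, sig) pairs in the order the log's extension lists them
SIG_ALGS = bytes([6, 3, 6, 1, 5, 3, 5, 1, 4, 3, 4, 1, 3, 3, 3, 1, 2, 3, 2, 1, 2, 2, 1, 1])
HASH = {1: "MD5", 2: "SHA1", 3: "SHA224", 4: "SHA256", 5: "SHA384", 6: "SHA512"}
SIG = {1: "RSA", 2: "DSA", 3: "ECDSA"}
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}
HANDSHAKE_FAILURE = b"\x15\x03\x03\x00\x02\x02\x28"   # the exact 7-byte alert record in the log


def build_client_hello(suites, sni, client_random=b"\x00" * 32):
    """Serialize a TLS 1.2 ClientHello record carrying the log's two extensions."""
    ext_sig = struct.pack("!HHH", 13, len(SIG_ALGS) + 2, len(SIG_ALGS)) + SIG_ALGS
    host = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host        # name_type 0 = host_name
    ext_sni = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    exts = ext_sig + ext_sni
    body = (b"\x03\x03" + client_random + b"\x00"               # version, random, empty session id
            + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                       # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # msg_type 1 = client_hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_records(data):
    """Split a byte stream into (content_type, payload) TLS records."""
    records, i = [], 0
    while i < len(data):
        length = struct.unpack_from("!H", data, i + 3)[0]
        records.append((data[i], data[i + 5:i + 5 + length]))
        i += 5 + length
    return records


def parse_client_hello(payload):
    """Decode a ClientHello (RFC 5246 7.4.1.2) into suites, SNI and signature algorithms."""
    if payload[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = payload[4:4 + int.from_bytes(payload[1:4], "big")]
    i = 2 + 32                                    # skip client_version and random
    i += 1 + p[i]                                 # session_id
    cs_len = int.from_bytes(p[i:i + 2], "big"); i += 2
    ids = [int.from_bytes(p[j:j + 2], "big") for j in range(i, i + cs_len, 2)]; i += cs_len
    i += 1 + p[i]                                 # compression_methods
    exts, end = {}, i + 2 + int.from_bytes(p[i:i + 2], "big")
    i += 2
    while i < end:
        etype, elen = struct.unpack_from("!HH", p, i)
        exts[etype] = p[i + 4:i + 4 + elen]
        i += 4 + elen
    sni = None
    if 0 in exts:                                 # list_len(2) name_type(1) name_len(2) name
        sni = exts[0][5:5 + int.from_bytes(exts[0][3:5], "big")].decode("ascii")
    raw = exts.get(13, b"\x00\x00")[2:]
    sig_algs = [f"{HASH[raw[k]]}with{SIG[raw[k + 1]]}" for k in range(0, len(raw), 2)]
    return {"suite_ids": ids, "suites": [SUITE_NAMES.get(s, hex(s)) for s in ids],
            "sni": sni, "sig_algs": sig_algs}


def negotiate(client_suites, server_suites):
    """Server-preference selection: first server suite the client also offered,
    otherwise the fatal handshake_failure alert seen in the log."""
    for s in server_suites:
        if s in client_suites:
            return "ServerHello", s
    return "Alert", HANDSHAKE_FAILURE


def parse_alert(payload):
    """Decode a 2-byte alert body into (level, description) names."""
    return ALERT_LEVEL.get(payload[0], payload[0]), ALERT_DESC.get(payload[1], payload[1])


if __name__ == "__main__":
    record = build_client_hello(LOG_SUITES, "example.com")
    hello = parse_client_hello(parse_records(record)[0][1])
    print("client offers:", hello["suites"], "for", hello["sni"])
    kind, result = negotiate(hello["suite_ids"], SERVER_SUITES)
    print("server:", kind, parse_alert(parse_records(result)[0][1]) if kind == "Alert" else SUITE_NAMES[result])
```

Run it as-is to see the client's eight suites and the resulting fatal alert; swap SERVER_SUITES for a list containing any of the RSA or DHE suites and negotiate returns a ServerHello instead. Because both "no suite in common" and "no signature algorithm in common" end in the same opaque handshake_failure alert, decoding the offered suite list from the trace, rather than guessing at trust-store problems, is the fastest way to see which side has to change.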

The only viable option was to run Tomcat on an updated jvm.dll; this fixed the SSL error, since TLSv1.1 and TLSv1.2 are enabled by default starting from jre 1.7.0_131-b31.
