tomcat ssl 客户端握手 java 错误
[英]tomcat ssl client handshake java error
问题描述
The error: on the ssl handshake with the ssl server.
错误:在 ssl 上与 ssl 服务器握手。 After: client hello, server hello, certificate, server key exchange and server hello done.之后:客户端问候、服务器问候、证书、服务器密钥交换和服务器问候完成。 The web apps crashes with: java.lang.NoClassDefFoundError: Could not initialize class javax.crypto.SunJCE_b web 应用程序崩溃: java.lang.NoClassDefFoundError:无法初始化 class javax.crypto.SunJCE_b
The problem occurs on:问题发生在:
tomcat 6.0.29 tomcat 6.0.29
Tried the following JVM:尝试了以下 JVM:
1.5, 1.6_22, 1.6_25 1.5、1.6_22、1.6_25
now running:现在运行:
java -version java version "1.6.0_25" Java(TM) SE Runtime Environment (build 1.6.0_25-b06) Java HotSpot(TM) Server VM (build 20.0-b11, mixed mode) java -version java version "1.6.0_25" Java(TM) SE Runtime Environment (build 1.6.0_25-b06) Java HotSpot(TM) Server VM (build 20.0-b11, mixed mode)
Operating System:操作系统:
uname -a unname -a
SunOS hostname 5.10 Generic_118833-33 sun4v sparc sun4v SunOS 主机名 5.10 Generic_118833-33 sun4v sparc sun4v
More details:更多细节:
The stacktrace:堆栈跟踪:
java.lang.NoClassDefFoundError: Could not initialize class javax.crypto.SunJCE_b
javax.crypto.KeyGenerator.a(DashoA13*..)
javax.crypto.KeyGenerator.<init>(DashoA13*..)
javax.crypto.KeyGenerator.getInstance(DashoA13*..)
com.sun.net.ssl.internal.ssl.JsseJce.getKeyGenerator(JsseJce.java:223)
com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:89)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:744)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:73)
com.gosselinchristian.SSLPokeServlet.doGet(SSLPokeServlet.java:86)
The code:编码:
protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
try {
System.out.println(getClasspathString());
System.out.println(getPropertiesString());
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory
.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(
"some_server", 443);
InputStream in = sslsocket.getInputStream();
OutputStream out = sslsocket.getOutputStream();
// Write a test byte to get a reaction :)
out.write(1);
while (in.available() > 0) {
System.out.print(in.read());
}
System.out.println("Successfully connected");
} catch (Exception exception) {
exception.printStackTrace();
}
}
Some tomcat startup options:一些 tomcat 启动选项:
JAVA_OPTS='-server -Dapp.name=TEST -Dfile.encoding=ISO-8859-1 -XX:PermSize=128m -XX:MaxPermSize=128m -Xms512m -Xmx2048m -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.ssl.trustStore=/export/home/user/some_server_certs -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.debug=all'
The same code, same jvm, same certificate works in other environments.相同的代码,相同的 jvm,相同的证书适用于其他环境。 Anyone has an idea of where this can go wrong?任何人都知道 go 哪里错了?
3 个解决方案
解决方案1
1 2011-05-27 02:57:34
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
Get rid of that for a start, it is seven years out of date.首先摆脱它,它已经过时了七年。 It was for JDK 1.3 only.它仅适用于 JDK 1.3。
There is something wrong with your JRE installation.您的 JRE 安装有问题。 Reinstall, and then make sure Tomcat is using the newly installed version.重新安装,然后确保 Tomcat 使用的是新安装的版本。
解决方案2
1 2011-05-27 03:38:10
The javax.crypto.SunJCE_b class resides in <JAVA_HOME>/lib/jce.jar of the Sun JDK/JRE. javax.crypto.SunJCE_b class 位于 Sun JDK/JRE 的<JAVA_HOME>/lib/jce.jar中。 It should ideally be loaded by the bootstrap classloader.理想情况下,它应该由引导类加载器加载。 The failure to load this class indicates something amiss with the classloading mechanism for your web-application, and possibly for Tomcat as well.未能加载此 class 表明您的 Web 应用程序的类加载机制存在问题,可能还有 Tomcat。
You might want to check你可能想检查
- if the JRE/JDK contains this JAR.如果 JRE/JDK 包含此 JAR。
- if the
CLASSPATHvariable is being set in a manner, that causes a different archive to be loaded, or not be loaded at all.如果以某种方式设置CLASSPATH变量,则会导致加载不同的存档,或者根本不加载。 This point usually doesn't apply as the bootstrap classloader should load the class, instead of the system classloader (which relies on this environment variable).这一点通常不适用,因为引导类加载器应该加载 class,而不是系统类加载器(依赖于这个环境变量)。 - if any of your applications is using AOP-style techniques to instrument the javax.crypto.* classes.如果您的任何应用程序使用 AOP 风格的技术来检测 javax.crypto.* 类。 You might want to configure such an application to exclude these classes (primarily) from instrumentation.您可能希望配置这样的应用程序以从检测中(主要)排除这些类。 In short, verify for custom classloader implementations.简而言之,验证自定义类加载器实现。
解决方案3
1 2011-09-27 17:23:45
This is an old post, but I'm just responding anyway, in case it's relevant for others who stumble upon this.这是一篇旧帖子,但无论如何我只是回应,以防它与其他偶然发现此问题的人相关。 We have encountered this error on our servers, and the issue was actually related to the open file limit.我们在服务器上遇到了这个错误,这个问题实际上与打开文件限制有关。 Check your open file limit.检查您的打开文件限制。 If it's something like 1024 then you probably have the same issue.如果它是类似 1024 的东西,那么你可能有同样的问题。 Increase your open file limit for the user that Tomcat is running as.为运行 Tomcat 的用户增加打开文件的限制。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.