Burp Suite Error “Received fatal alert: handshake_failure”
JDK 1.8 with error “Received fatal alert: handshake_failure”
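I have a problem with SSLHandshake. I have an application that uses JDK 1.8, and the vendor only provides support for JDK 1.7 for the WSDL server.

The vendor has given us the file jssecacerts, and the main point of their documentation is: Copy the file into %JAVA_HOME%\jre\lib\security.

I actually tried their method, and it works fine with JDK 1.7. However, I cannot get it to work with JDK 1.8; I get the error message below.

I use HttpClient 3.1 because of the vendor's demo file.

Here is my sample code: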

    // Note: sslKeyStorePath, step1URI, step2URI, cookies, username and password
    // are not declared in the posted snippet.
    public static void main(String[] args) {
        try {
            String sslKeyStorePassword = "changeit";
            String sslKeyStoreType = "JKS";
            String sslTrustStore = "/Users/adam/Documents/shanghai-vpn/jssecacerts";
            String sslTrustStorePassword = "changeit";
            System.setProperty("javax.net.ssl.keyStore", sslKeyStorePath);
            System.setProperty("javax.net.ssl.keyStorePassword",
                    sslKeyStorePassword);
            System.setProperty("javax.net.ssl.keyStoreType", sslKeyStoreType);
            System.setProperty("javax.net.ssl.trustStore", sslTrustStore);
            System.setProperty("javax.net.ssl.trustStorePassword", sslTrustStorePassword);
            MultiThreadedHttpConnectionManager connectionManager =
                    new MultiThreadedHttpConnectionManager();
            HttpClient httpClient = new HttpClient(connectionManager);
            // Route https through the custom socket factory
            Protocol myhttps = new Protocol("https", new MySSLProtocolSocketFactory(), 443);
            Protocol.registerProtocol("https", myhttps);
            loginVPN(httpClient);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static void loginVPN(HttpClient httpClient)
            throws Exception {
        // STEP1:
        HttpClientParams httparams = new HttpClientParams();
        httparams.setSoTimeout(30000);
        httpClient.setParams(httparams);
        httpClient.getHostConfiguration().setHost("vpn.shanghai-cis.com.cn", 80);
        PostMethod login = new PostMethod(step1URI);
        login.addRequestHeader("Content-Type",
                "application/x-www-form-urlencoded");
        httpClient.executeMethod(login);
        cookies = httpClient.getState().getCookies();
        System.out.println("==========Cookies============");
        int i = 0;
        for (Cookie c : cookies) {
            System.out.println(++i + ": " + c);
        }
        httpClient.getState().addCookies(cookies);
        login.releaseConnection();
        // STEP2:
        PostMethod login2 = new PostMethod(step2URI);
        login2.addRequestHeader("Content-Type",
                "application/x-www-form-urlencoded");
        login2.addRequestHeader("Referer", step1URI);
        login2.addRequestHeader("Accept", "image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*");
        NameValuePair tgroup = new NameValuePair("tgroup", "");
        NameValuePair next = new NameValuePair("next", "");
        NameValuePair tgcookieset = new NameValuePair("tgcookieset", "");
        NameValuePair Login = new NameValuePair("Login", "登录");
        NameValuePair Email = new NameValuePair("username", username);
        NameValuePair password1 = new NameValuePair("password", password);
        // NameValuePair code = new NameValuePair("code", "????");
        NameValuePair[] data = { tgroup, next, tgcookieset, Login, Email, password1 };
        login2.setRequestBody(data);
        httpClient.executeMethod(login2);
        cookies = httpClient.getState().getCookies();
        System.out.println("==========Cookies============");
        int j = 0;
        for (Cookie c : cookies) {
            System.out.println(++j + ": " + c);
        }
        httpClient.getState().addCookies(cookies);
        login2.releaseConnection();
    }

And the exception:
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, setSoTimeout(30000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1481548099 bytes = { 124, 16, 201, 38, 215, 71, 235, 91, 191, 248, 50, 237, 230, 137, 196, 155, 59, 106, 75, 151, 240, 243, 107, 61, 130, 213, 232, 204 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [type=host_name (0), value=vpn.shanghai-cis.com.cn]
***
[write] MD5 and SHA1 hashes: len = 183
0000: 01 00 00 B3 03 01 58 4F A1 43 7C 10 C9 26 D7 47 ......XO.C...&.G
0010: EB 5B BF F8 32 ED E6 89 C4 9B 3B 6A 4B 97 F0 F3 .[..2.....;jK...
0020: 6B 3D 82 D5 E8 CC 00 00 2C C0 0A C0 14 00 35 C0 k=......,.....5.
0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00 ..3.2...........
0050: 16 00 13 00 FF 01 00 00 5E 00 0A 00 34 00 32 00 ........^...4.2.
0060: 17 00 01 00 03 00 13 00 15 00 06 00 07 00 09 00 ................
0070: 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 ................
0080: 10 00 11 00 02 00 12 00 04 00 05 00 14 00 08 00 ................
0090: 16 00 0B 00 02 01 00 00 00 00 1C 00 1A 00 00 17 ................
00A0: 76 70 6E 2E 73 68 61 6E 67 68 61 69 2D 63 69 73 vpn.shanghai-cis
00B0: 2E 63 6F 6D 2E 63 6E .com.cn
main, WRITE: TLSv1 Handshake, length = 183
[Raw write]: length = 188
0000: 16 03 01 00 B7 01 00 00 B3 03 01 58 4F A1 43 7C ...........XO.C.
0010: 10 C9 26 D7 47 EB 5B BF F8 32 ED E6 89 C4 9B 3B ..&.G.[..2.....;
0020: 6A 4B 97 F0 F3 6B 3D 82 D5 E8 CC 00 00 2C C0 0A jK...k=......,..
0030: C0 14 00 35 C0 05 C0 0F 00 39 00 38 C0 09 C0 13 ...5.....9.8....
0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A ./.....3.2......
0050: C0 03 C0 0D 00 16 00 13 00 FF 01 00 00 5E 00 0A .............^..
0060: 00 34 00 32 00 17 00 01 00 03 00 13 00 15 00 06 .4.2............
0070: 00 07 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D ................
0080: 00 0E 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 ................
0090: 00 14 00 08 00 16 00 0B 00 02 01 00 00 00 00 1C ................
00A0: 00 1A 00 00 17 76 70 6E 2E 73 68 61 6E 67 68 61 .....vpn.shangha
00B0: 69 2D 63 69 73 2E 63 6F 6D 2E 63 6E i-cis.com.cn
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at com.umoney.finance.Login.loginVPN(Login.java:69)
at com.umoney.finance.Login.main(Login.java:292)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
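TLS/SSL is a well-specified protocol, so it should not depend on the JDK version. The jssecacerts file should only replace the list of trusted certificates (the question is: do you want that? I would just import the certificates from jssecacerts into the truststore).

Now, see the SSL debug:

This means the server rejected the parameters your client offered.

First question: does the SSL server require client X.509 authentication (mutual SSL)? If so, the client needs to have a private key and certificate trusted by the server.

Your client supports only a limited subset of protocols (which is fine from a security point of view as long as the protocols are secure). Check whether the server supports at least one.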
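
Decoding the records from the debug log shows what the client offered and what the server sent back. This is an added example, not part of the original question or answer; the byte strings are copied from the log, while `SERVER_ACCEPTS` and the function names are assumptions made for illustration.

```python
import struct

# Constructed from the debug log above: the two "[Raw read]" chunks joined, and
# the "[Raw write]" record cut off after the compression methods (extensions omitted).
ALERT_RECORD = bytes.fromhex("1503010002" "0228")
CLIENT_HELLO = bytes.fromhex(
    "16030100b7010000b30301584fa1437c10c926d747eb5bbff832ede689c49b3b"
    "6a4b97f0f36b3d82d5e8cc00002cc00ac0140035c005c00f00390038c009c013"
    "002fc004c00e00330032c008c012000ac003c00d0016001300ff0100")
# Hypothetical server policy (assumption, not from the page): TLS 1.2 AEAD suites only.
SERVER_ACCEPTS = {0xC02F, 0xC030, 0x009C}

VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {40: "handshake_failure", 42: "bad_certificate", 70: "protocol_version"}

def read_record(data):
    """Split one TLS record into (content_type, version_name, payload)."""
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, VERSIONS.get((major, minor), "unknown"), data[5:5 + length]

def parse_alert(record):
    """Return (level, description) of a plaintext alert record (type 21)."""
    ctype, _, body = read_record(record)
    if ctype != 21 or len(body) != 2:
        raise ValueError("not a plaintext alert record")
    return LEVELS.get(body[0], body[0]), DESCRIPTIONS.get(body[1], body[1])

def parse_client_hello(record):
    """Return (client_version, [cipher suite codes]) from a ClientHello record."""
    ctype, _, body = read_record(record)
    if ctype != 22 or body[0] != 1:
        raise ValueError("not a ClientHello")
    version = VERSIONS.get((body[4], body[5]), "unknown")
    pos = 4 + 2 + 32              # handshake header, client_version, random
    pos += 1 + body[pos]          # skip session_id (length-prefixed)
    (n,) = struct.unpack_from("!H", body, pos)
    suites = list(struct.unpack_from("!%dH" % (n // 2), body, pos + 2))
    return version, suites

def negotiable(offered, server_accepts):
    """Suites both sides could agree on, in client preference order."""
    return [s for s in offered if s in server_accepts]

if __name__ == "__main__":
    version, suites = parse_client_hello(CLIENT_HELLO)
    print("client offers", version, "with", len(suites), "suites")
    print("server replied", parse_alert(ALERT_RECORD))
    print("overlap with assumed server policy:", negotiable(suites, SERVER_ACCEPTS))
```

An empty overlap is one way to end up with `handshake_failure`; the real server's accepted protocols and suites have to be obtained from the vendor or from a scan of the endpoint.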
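Disclaimer: The technical posts on this site are licensed under CC BY-SA 4.0. If you reproduce them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.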