如何在不禁用SNI的情况下修复SSLProtocolException：握手警报：无法识别的名称

Question

我制作了一个爬网应用程序，由于错误“握手警报：无法识别的名称”，某些网站无法连接。

我发现的大多数解决方案都是通过禁用SNI扩展（jsse.enableSNIExtension = false）。 但是，这会导致需要启用SNI的域产生问题。

如何仅对某些域禁用它？

为了进行爬网，我使用了Jsoup，并且由于我也使用了代理，因此我在启动时添加了此代码。

  private static void disableSslVerification() {
    TrustManager[] trustAllCertificates = new TrustManager[] {
            new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return null; // Not relevant.
                }
                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    // Do nothing. Just allow them all.
                }
                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    // Do nothing. Just allow them all.
                }
            }
    };

    HostnameVerifier trustAllHostnames = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true; // Just allow them all.
        }
    };

    try {
        System.setProperty("https.protocols", "TLSv1.2,TLSv1.1,SSLv3");
       // System.setProperty("jsse.enableSNIExtension", "false");
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCertificates, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(trustAllHostnames);
    }
    catch (GeneralSecurityException e) {
        throw new ExceptionInInitializerError(e);
    }
}

如您所见，SNIextension已注释。 我将不胜感激。

我尝试访问的URL是下一个。

https://www.ocinerioshopping.es/

Answer 1

我设法通过扩展SSLSocketConnection并通过在调用createSocket时发送null而不是主机名来解决此问题。 这样，java将禁用SNI。 然后，我只是将新类的一个实例传递给Jsoup，在那里我知道SNI将失败。

import javax.net.ssl.*;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

public class CustomSSLSocketFactory extends SSLSocketFactory {
    private SSLSocketFactory defaultFactory;
    public CustomSSLSocketFactory() throws IOException {
        TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
            }

            public void checkServerTrusted(X509Certificate[] chain, String authType) {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }};

        try {
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init((KeyManager[])null, trustAllCerts, new SecureRandom());
            defaultFactory = sslContext.getSocketFactory();
        } catch (KeyManagementException | NoSuchAlgorithmException var3) {
            throw new IOException("Can't create unsecure trust manager");
        }
    }
    @Override
    public String[] getDefaultCipherSuites() {
       return defaultFactory.getDefaultCipherSuites();
    }

    @Override
    public String[] getSupportedCipherSuites() {
        return defaultFactory.getSupportedCipherSuites();
    }

    @Override
    public Socket createSocket(Socket socket, String s, int i, boolean b) throws IOException {
        //magic happens here, we send null as hostname
        return defaultFactory.createSocket(socket, null, i, b);
    }

    @Override
    public Socket createSocket(String s, int i) throws IOException, UnknownHostException {
        return defaultFactory.createSocket(s,i);
    }

    @Override
    public Socket createSocket(String s, int i, InetAddress inetAddress, int i1) throws IOException, UnknownHostException {
        return defaultFactory.createSocket(s,i,inetAddress,i1);
    }

    @Override
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return defaultFactory.createSocket(inetAddress, i);
    }

    @Override
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress1, int i1) throws IOException {
        return defaultFactory.createSocket(inetAddress,i, inetAddress1, i1);
    }
}

Jsoup初始化。

Connection conn = Jsoup.connect(url);
conn.sslSocketFactory(new CustomSSLSocketFactory());

如何在不禁用SNI的情况下修复SSLProtocolException：握手警报：无法识别的名称

问题描述

1 个解决方案

解决方案1
0 已采纳 2019-06-27 13:03:21

如何在不禁用SNI的情况下修复SSLProtocolException：握手警报：无法识别的名称

问题描述

1 个解决方案

解决方案1 0 已采纳 2019-06-27 13:03:21

解决方案1
0 已采纳 2019-06-27 13:03:21