堆栈内存溢出
  繁体   English   中英

SSLHandshake异常

[英]SSLHandshake exception

 原文  2012-02-08 05:20:50       java/ ssl

问题描述

我正在使用Apache HttpClient(4.0)与HTTP服务器(已配置SSL)进行通信。

服务器正在使用自签名证书。 理想情况下,我希望HttpClient库的行为与浏览器相同,但是经过一番Google的了解后,我了解到必须将证书导入到JRE keystore(cacert)。 尽管在JRE密钥库中安装了证书,但我仍然收到“ SSLHandshake异常”。

这是SSL日志,我不是该领域的专家,因此需要帮助来分析日志的内容。 

trigger seeding of SecureRandom
done seeding SecureRandom
log4j:WARN No appenders could be found for logger (org.apache.http.impl.conn.SingleClientConnManager).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
main, setSoTimeout(0) called
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1328639128 bytes = { 1, 30, 97, 51, 147, 14, 89, 41, 43, 120, 56,    192, 4, 5, 113, 203, 165, 199, 153, 199, 137, 199, 98, 242, 166, 81, 208, 129 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,   TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1,  secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
main, WRITE: TLSv1 Handshake, length = 161
main, WRITE: SSLv2 client hello message, length = 146
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert:   handshake_failure
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)

这是我正在使用的代码片段。 

DefaultHttpClient httpClient = new DefaultHttpClient();

X509HostnameVerifier verifier = new X509HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }

    @Override
    public void verify(String arg0, String[] arg1, String[] arg2) throws SSLException {
    }

    @Override
    public void verify(String arg0, X509Certificate arg1) throws SSLException {
    }

    @Override
    public void verify(String arg0, SSLSocket arg1) throws IOException {
    }
};

private static class DefaultTrustManager implements X509TrustManager {

    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws java.security.cert.CertificateException {
    }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws java.security.cert.CertificateException {
    }

    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }

}

SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(null, new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
SSLContext.setDefault(sslContext);

SSLSocketFactory sf = new SSLSocketFactory(sslContext,verifier);
ClientConnectionManager ccm = httpClient.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", sf, 9002));

HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
HttpParams params = new BasicHttpParams();
httpClient = new DefaultHttpClient(ccm, params);

1 个解决方案

解决方案1
 -1  2012-02-08 05:52:24

日志中没有很多有用的信息。 但是,为什么不尝试使用其他SSL算法(例如“ SSLv2”)代替TLSv1?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 连接到APN时SSLHandshake异常 从Java发送邮件时出错(SSLHandShake异常) 在两个 Websphere 服务器之间获取 SSLHandshake 异常 PKIX路径构建失败(SSLHandshake异常) 使用jdk 1.6时SSLHandshake异常 Java:连接到 Spring Boot 中的服务时出现 SSLHandshake 异常 如何使用jsp解决SSLHandshake失败异常错误 Java HTTPComponents SOAP请求,SSLHandshake异常(PKIX路径构建失败) 有没有办法从客户端更新有关 SSLHandshake 异常的服务器? 如何解决 Tomcat 7.0.100 上的 javax.net.ssl.SSLHandshake 异常错误?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM