如果服務器不支持SSLv3，為什么Java SSL套接字連接會很難

Question

在提供程序禁用SSLv3並且我不明白原因之后，我們對JDK 7對www1.ecall.ch CXF調用開始失敗。 通過設置-Dhttps.protocols=TLSv1解決了這個問題，但我很驚訝這甚至是必要的。

JDK 7/8支持所有SSLv2Hello（2），SSLv3，TLSv1，TLSv1.1和TLSv1.2，我希望

JVM在握手期間嘗試自上而下，即首先從TLSv1.2開始
即使服務器不支持SSLv3也能建立連接

這是設置-Dhttps.protocols=TLSv1之前SSL調試日志的相關部分，即使用JVM默認值（我在開頭切斷了所有證書的列表）：

trigger seeding of SecureRandom
done seeding SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(180000) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
%% No cached client session
*** ClientHello, SSLv3
RandomCookie:  GMT: 1403944475 bytes = { 12, 68, 193, 229, 85, 79, 86, 211, 209, 34, 251, 218, 184, 7, 51, 93, 180, 144, 114, 70, 105, 252, 31, 61, 151, 188, 165, 177 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: www1.ecall.ch]
***
[write] MD5 and SHA1 hashes:  len = 205
0000: 01 00 00 C9 03 00 54 AE   7E 1B 0C 44 C1 E5 55 4F  ......T....D..UO
0010: 56 D3 D1 22 FB DA B8 07   33 5D B4 90 72 46 69 FC  V.."....3]..rFi.
0020: 1F 3D 97 BC A5 B1 00 00   4C C0 09 C0 13 00 2F C0  .=......L...../.
0030: 04 C0 0E 00 33 00 32 C0   07 C0 11 00 05 C0 02 C0  ....3.2.........
0040: 0C C0 08 C0 12 00 0A C0   03 C0 0D 00 16 00 13 00  ................
0050: 04 00 FF 00 09 00 15 00   12 00 03 00 08 00 14 00  ................
0060: 11 00 20 00 24 00 1F 00   23 00 1E 00 22 00 28 00  .. .$...#...".(.
0070: 2B 00 26 00 29 01 00 00   54 00 0A 00 34 00 32 00  +.&.)...T...4.2.
0080: 17 00 01 00 03 00 13 00   15 00 06 00 07 00 09 00  ................
0090: 0A 00 18 00 0B 00 0C 00   19 00 0D 00 0E 00 0F 00  ................
00A0: 10 00 11 00 02 00 12 00   04 00 05 00 14 00 08 00  ................
00B0: 16 00 0B 00 02 01 00 00   00 00 12 00 10 00 00 0D  ................
00C0: 77 77 77 31 2E 65 63 61   6C 6C 2E 63 68           www1.ecall.ch
main, WRITE: SSLv3 Handshake, length = 205
[write] MD5 and SHA1 hashes:  len = 179
0000: 01 03 00 00 8A 00 00 00   20 00 C0 09 06 00 40 00  ........ .....@.
0010: C0 13 00 00 2F 00 C0 04   01 00 80 00 C0 0E 00 00  ..../...........
0020: 33 00 00 32 00 C0 07 05   00 80 00 C0 11 00 00 05  3..2............
0030: 00 C0 02 00 C0 0C 00 C0   08 00 C0 12 00 00 0A 07  ................
0040: 00 C0 00 C0 03 02 00 80   00 C0 0D 00 00 16 00 00  ................
0050: 13 00 00 04 01 00 80 00   00 FF 00 00 09 06 00 40  ...............@
0060: 00 00 15 00 00 12 00 00   03 02 00 80 00 00 08 00  ................
0070: 00 14 00 00 11 00 00 20   00 00 24 00 00 1F 00 00  ....... ..$.....
0080: 23 00 00 1E 00 00 22 00   00 28 00 00 2B 00 00 26  #....."..(..+..&
0090: 00 00 29 54 AE 7E 1B 0C   44 C1 E5 55 4F 56 D3 D1  ..)T....D..UOV..
00A0: 22 FB DA B8 07 33 5D B4   90 72 46 69 FC 1F 3D 97  "....3]..rFi..=.
00B0: BC A5 B1                                           ...
main, WRITE: SSLv2 client hello message, length = 179
[Raw write]: length = 181
0000: 80 B3 01 03 00 00 8A 00   00 00 20 00 C0 09 06 00  .......... .....
0010: 40 00 C0 13 00 00 2F 00   C0 04 01 00 80 00 C0 0E  @...../.........
0020: 00 00 33 00 00 32 00 C0   07 05 00 80 00 C0 11 00  ..3..2..........
0030: 00 05 00 C0 02 00 C0 0C   00 C0 08 00 C0 12 00 00  ................
0040: 0A 07 00 C0 00 C0 03 02   00 80 00 C0 0D 00 00 16  ................
0050: 00 00 13 00 00 04 01 00   80 00 00 FF 00 00 09 06  ................
0060: 00 40 00 00 15 00 00 12   00 00 03 02 00 80 00 00  .@..............
0070: 08 00 00 14 00 00 11 00   00 20 00 00 24 00 00 1F  ......... ..$...
0080: 00 00 23 00 00 1E 00 00   22 00 00 28 00 00 2B 00  ..#....."..(..+.
0090: 00 26 00 00 29 54 AE 7E   1B 0C 44 C1 E5 55 4F 56  .&..)T....D..UOV
00A0: D3 D1 22 FB DA B8 07 33   5D B4 90 72 46 69 FC 1F  .."....3]..rFi..
00B0: 3D 97 BC A5 B1                                     =....
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Broken pipe
main, called closeSocket()
main, called close()
main, called closeInternal(true)
[...upper part of stacktrace...]
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:196)
    at java.net.SocketInputStream.read(SocketInputStream.java:122)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
    at sun.security.ssl.InputRecord.read(InputRecord.java:480)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
[...remaining part of stacktrace...]

如果我做對了，JVM首先嘗試SSLv3 Handshake然后嘗試SSLv2 client hello message ，然后再使用TLSv1。

但是，為什么它在嘗試TLSv1之后失敗但是當我啟用TLS作為它唯一支持的協議時呢？ 服務器（IIS 8.5）是否嘗試進行套接字連接跳過的非常規握手？

Answer 1

JVM（更確切地說是JSSE） 不會自上而下嘗試。 它遵循RFC （包括SSLv2 ClientHello的附錄）並發送一個 ClientHello，說明支持的最高版本，服務器可以回復任何小於或等於該版本的版本。 如果服務器認為我們的最高值太低，它會完全拒絕握手。 如果服務器（暫時）接受我們認為太低的版本（或者想要跳過，但這很愚蠢）我們中止握手。 這是常見的瀏覽器行為“退回”導致POODLE的較低協議（參見許多關於哪些問題）。

在這種情況下，出現javax.net.debug跟蹤會產生誤導。 如果啟用了SSLv2Hello - 默認情況下是在Java6中，而不是在Java7中，那么您是否在某處更改了它？ - JSSE顯然為SSLv3 +（新格式）hello和SSLv2（映射舊格式）hello顯示並說“WRITE”，但它實際上只發送后者，（@Steffen）由openssl s_server確認。

因此很明顯，如果沒有https.protocol更改，您的客戶端將發送SSLv2格式hello，服務器將拒絕它。 這不是絕對必要的：技術上可以使用SSLv2 格式來協商TLSv1.0甚至更高，例如OpenSSL可以這樣做，但這不是一個好主意; SSLv2 協議自2001年左右被摒棄為已知的不安全因素，並且在2011年被RFC 6176正式禁止，SSLv2 格式 hello不能支持擴展，包括ECC的半連接，1.2中的sigalgs和（如@Steffen所述））許多網絡服務器今天需要或想要的SNI。 服務器的配置很可能禁止SSLv3也具有禁止SSLv2 格式的效果，這將是我的賭注，如果是這樣，它是最好的。

此外：您的代碼（或可能是庫）中出現的內容正在啟用所有或幾乎所有支持的密碼。 這是一個壞主意。 你好你提供多年來一直不安全的單DES套件，永遠不安全的導出套件，以及在互聯網上完全無用的Kerberos套件，包括無用且完全不安全的Kerberos導出套件。 一個體面的服務器不會同意這些，但如果您碰巧連接到配置錯誤或不正常的服務器，您將獲得明顯成功的連接，除非您非常密切地監控，否則不會發現它是不安全的。

如果服務器不支持SSLv3，為什么Java SSL套接字連接會很難

問題描述

1 個解決方案

解決方案1
7 已采納 2015-01-10 19:15:06

如果服務器不支持SSLv3，為什么Java SSL套接字連接會很難

問題描述

1 個解決方案

解決方案1 7 已采納 2015-01-10 19:15:06

解決方案1
7 已采納 2015-01-10 19:15:06