[英]Two way SSL digital certificate authentication is failing in Java 6 but working in Java 7
我有一個Java程序通過2種SSL證書身份驗證連接到服務器。 它在Java 7上運行正常,但在Java 6上運行失敗。不幸的是,我們的系統仍在使用Java6。因此,我試圖使其在Java 6上運行。
在SSL相互身份驗證事務的第一步,連接失敗。 那是ClientHello步驟。 我們收到來自服務器的致命錯誤。 根據我的分析,我認為問題可能與不受支持的密碼套件有關(即服務器不支持客戶端發送的密碼套件),但不確定。
我嘗試使用System.setProperty(“ javax.net.debug”,“ ssl:handshake”); 調試問題,但調試信息指向特定問題。
我什至無法獲得Java 6中的安全類的源代碼(例如com.sun.net.ssl.internal.ssl。*包)來調試代碼。
這是ssl調試日志:
*** ClientHello, TLSv1
RandomCookie: GMT: 1438890076 bytes = { 65, 109, 167, 225, 235, 81, 235, 118, 35, 88, 126, 146, 201, 181, 233, 118, 222, 126, 190, 170, 247, 232, 166, 222, 98, 157, 165, 150 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 81
main, WRITE: SSLv2 client hello message, length = 110
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:476)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at com.castlight.ws.healthfund.welsforgo.WellsForgoTester_JDK6.main(WellsForgoTester_JDK6.java:72)
如何具體找出問題所在? 有沒有辦法調試Java 6安全代碼(例如com.sun.net.ssl.internal.ssl。*程序包)?
首先,您需要知道jdk1.6.115以下的Java 6不支持TLSv1.2。 您需要升級JDK vesrion。 另請注意,您無法通過代碼中的系統屬性設置TLSv1.2。 您將需要使用代碼顯式設置它。 您需要在調用API之前在密鑰庫中設置TLSv1.2屬性。
Java 11 Apache HTTPClient SSL證書身份驗證不起作用
[英]Java 11 Apache HTTPClient SSL certificate authentication not working
2種方式的SSL身份驗證無法使用Apache httpclient進行操作:JAVA
[英]2 way SSL authentication not working using Apache httpclient: JAVA
我的 SSL 客戶端 (Java) 未通過雙向 SSL 握手將證書發送回服務器
[英]My SSL client (Java) isn't sending a certificate back to the server in two-way SSL handshake
SSL客戶端(Java)不在兩次SSL握手中將證書發送回服務器
[英]SSL client (Java) is not sending a certificate back to the server in two-way SSL handshake
從數字證書中獲取Java中兩個方括號之間的數據?
[英]Getting the data between two square brackets in java from a digital certificate?
Java - 使用客戶端證書身份驗證時取消Ssl流
[英]Java - Ssl stream is cancelled when using client certificate authentication
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.