[英]Received fatal alert: handshake_failure when calling from Java 1.8.0_162 to Java 1.6.0_45-b06
我正在嘗試從運行 Java 1.8.0_162 的機器向另一台運行 Java 1.6.0_45-b06 的機器發出 https 調用。 運行 1.6.0_45-b06 的安裝了bcprov-jdk15to18-1.68和bctls-jdk15to18-1.68 ,因此它可以使用 TLSv1.2。
但是,當嘗試從運行 1.8 的那個調用 https 到運行 1.6 的那個時,我得到了 handshake_failure 異常。
我嘗試將 UnlimitedJCEPolicyJDK8 添加到運行 1.8 的機器但無濟於事,並將-Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1添加到運行 1.8 的 Java 服務器,同樣沒有成功。
調用者構建如下:
SSLContextBuilder sslBuilder = new SSLContextBuilder();
sslBuilder.loadTrustMaterial(null, new TrustAllStrategy());
sslBuilder.useTLS();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(SSLContexts.createDefault(), new String[] { "TLSv1.2" }, null,SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
return HttpClients.custom().setSSLSocketFactory(sslsf).setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER).build();
這是我在接收端遇到的錯誤(Java 1.6):
Server raised fatal(2) handshake_failure(40) alert: Failed to read record
org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40)
at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown Source)
下面是調用方的詳細堆棧跟蹤。
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1650550785 bytes = { 44, 152, 122, 205, 154, 11, 197, 160, 136, 107, 117, 135, 119, 57, 23, 170, 16, 220, 69, 195, 126, 196, 0, 173, 45, 128, 223, 148 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION__SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
***
default task-3, WRITE: TLSv1.2 Handshake, length = 207
default task-3, READ: TLSv1.2 Alert, length = 2
default task-3, RECV TLSv1.2 ALERT: fatal, handshake_failure
default task-3, called closeSocket()
default task-3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure```
我設法通過在調用方升級到 Java 1.8 u271,在 java.security 中設置 crypto.policy=unlimited 並同時將接收者的證書(自簽名)導入新的 Java 1.8 的 cacerts 來克服它u271。 感謝@pringi 指點。
javax.net.ssl.SSLHandshakeException:收到致命警報:handshake_failure java 1.7_45
[英]javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure java 1.7_45
Java8,HttpClient,收到“收到致命警報:handshake_failure”
[英]Java8, HttpClient, receiving “Received fatal alert: handshake_failure”
SSLHandshakeException:在 Java 6 -> 8 升級后收到致命警報:handshake_failure
[英]SSLHandshakeException: Received fatal alert: handshake_failure after Java 6 -> 8 upgrade
SSLHandshakeException:收到致命警報:handshake_failure
[英]SSLHandshakeException: Received fatal alert: handshake_failure
Java https客戶端在JDK 1.5中拋出“收到的致命警報:握手失敗”,但在JDK1.6上有效
[英]java https client throws “Received fatal alert: handshake_failure” with JDK 1.5 but works on JDK1.6
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.