Zac*_*hel 3 java sockets ssl https
我正在尝试为Web控制台创建一个安全的Web服务器,目前我遇到了问题.这是我启动HTTPS服务器的代码:
public void startServer()
{
try
{
SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket) ssf.createServerSocket(8080);
for (String s : ss.getEnabledCipherSuites())
{
logger.info(s);
}
while (true)
{
Socket s = ss.accept();
OutputStream out = s.getOutputStream();
BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
String line = null;
while (((line = in.readLine()) != null) && (!("".equals(line))))
{
System.out.println(line);
}
StringBuffer buffer = new StringBuffer();
buffer.append("<HTML><HEAD><TITLE>HTTPS Server</TITLE></HEAD>\n");
buffer.append("<BODY>\n<H1>Success!</H1></BODY></HTML>\n");
String string = buffer.toString();
byte[] data = string.getBytes();
out.write("HTTP/1.0 200 OK\n".getBytes());
out.write(new String("Content-Length: " + data.length + "\n").getBytes());
out.write("Content-Type: text/html\n\n".getBytes());
out.write(data);
out.flush();
out.close();
in.close();
s.close();
}
}
catch (Throwable thrown)
{
logger.error(thrown);
}
}
这将打印出以下结果作为启用的密码套件:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
而且,当我尝试https://localhost:8080/从我的网络浏览器(Chrome)连接时,我收到以下异常:
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)
at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
at sun.nio.cs.StreamDecoder.read(Unknown Source)
at java.io.InputStreamReader.read(Unknown Source)
at java.io.BufferedReader.fill(Unknown Source)
at java.io.BufferedReader.readLine(Unknown Source)
at java.io.BufferedReader.readLine(Unknown Source)
at net.jibini.inventory.http.InventoryHttp.startServer(InventoryHttp.java:54)
at net.jibini.inventory.http.InventoryHttp.start(InventoryHttp.java:33)
at net.jibini.inventory.server.InventoryServer$1.run(InventoryServer.java:47)
at java.lang.Thread.run(Unknown Source)
正如其他人提到的那样,使用-Djavax.net.debug = ssl将允许您诊断网络级别实际发生的情况.在这种情况下的问题可能是您没有指定密钥库,因此您最终将没有证书/密钥,因此您将无法协商密码套件(例如,TLS_ECDHE_EC DSA _WITH_AES_256_CBC_SHA将需要DSA密钥).
所以生成一个关键:
keytool -genkey -keystore mySrvKeystore -keyalg RSA
然后,这需要作为系统属性(-Djavax.net.ssl.keyStore ...)传递或使用set属性调用提供:
System.setProperty("javax.net.ssl.keyStore","mySrvKeystore");
System.setProperty("javax.net.ssl.keyStorePassword","1234567");
您可以看到客户端在-Djavax.net.debug = all中发送了哪些密码套件,但是如果没有密钥/证书,您的服务器将不支持任何密码套件,并且将返回关于没有密码套件的相当神秘的消息被分享.
UPDATE
作为更完整的示例,请参阅以下内容:
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
public class TestSSL
{
public static void main( String args[] )
{
try
{
System.setProperty("javax.net.ssl.keyStore","mySrvKeystore");
System.setProperty("javax.net.ssl.keyStorePassword","1234567");
SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket) ssf.createServerSocket(9001);
ss.setEnabledProtocols( new String[]{"TLSv1","TLSv1.1","TLSv1.2"} );
for (String s : ss.getEnabledCipherSuites())
{
System.out.println( s );
}
while (true)
{
Socket s = ss.accept();
OutputStream out = s.getOutputStream();
BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
String line = null;
while (((line = in.readLine()) != null) && (!("".equals(line))))
{
System.out.println(line);
}
if( line != null )
{
StringBuffer buffer = new StringBuffer();
buffer.append("<HTML><HEAD><TITLE>HTTPS Server</TITLE></HEAD>\n");
buffer.append("<BODY>\n<H1>Success!</H1></BODY></HTML>\n");
String string = buffer.toString();
byte[] data = string.getBytes();
out.write("HTTP/1.0 200 OK\n".getBytes());
out.write(new String("Content-Length: " + data.length + "\n").getBytes());
out.write("Content-Type: text/html\n\n".getBytes());
out.write(data);
out.flush();
}
out.close();
in.close();
s.close();
}
}
catch (Throwable thrown)
{
thrown.printStackTrace();
}
}
}
请注意以下与以前发布的示例的主要区别:
| 归档时间: |
|
| 查看次数: |
5901 次 |
| 最近记录: |