San*_*ith 5 java ssl jce amazon-web-services sni
我有一些代码已经工作了很长时间,通过HTTP从webapps获取数据.它使用Apache HTTPClient(v.4.5.2),适用于有和没有SSL的站点.
最近,我试图使用if用于其他恰好使用SNI的网站.一切都在我的Windows机器上运行良好,但如果我尝试在AWS EC2 Linux实例上运行它,我会得到握手失败(因为SNI).
这是我正在运行的:
我不确定哪个组件最终导致失败(Java 8,运行时环境,HTTPClient).
我已经看过这个(https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#SNIExtension),但我不知道如何为HTTPClient调整它.此外,如果我必须更改代码,为什么它可以在Windows上运行?
任何人都知道我应该做什么?
编辑:根据建议,我查看了jsse.enableSNIExtension属性.这似乎是错误的,因为它似乎是一种关闭SSL的方法,这不是我想要的.
我尝试在Windows上打开/关闭它,事情只适用于它.在Linux上,当它打开时,我继续获得握手失败.
这是输出:
Windows - System.setProperty("jsse.enableSNIExtension", "false");
=================================================================
pool-1-thread-1, WRITE: TLSv1.2 Handshake, length = 189
pool-1-thread-1, READ: TLSv1.2 Alert, length = 2
pool-1-thread-1, RECV TLSv1.2 ALERT: fatal, internal_error
pool-1-thread-1, called closeSocket()
pool-1-thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: internal_error
Windows - System.setProperty("jsse.enableSNIExtension", "true");
================================================================
pool-1-thread-1, WRITE: TLSv1.2 Handshake, length = 215
pool-1-thread-1, READ: TLSv1.2 Handshake, length = 93
*** ServerHello, TLSv1.2
Linux - System.setProperty("jsse.enableSNIExtension", "true");
==============================================================
pool-1-thread-1, WRITE: TLSv1.2 Handshake, length = 143
pool-1-thread-1, READ: TLSv1.2 Alert, length = 2
pool-1-thread-1, RECV TLSv1.2 ALERT: fatal, handshake_failure
pool-1-thread-1, called closeSocket()
pool-1-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure