我正在使用Apache HttpClient与Java中的一个主机进行通信,它正在抛出handshake_failure.完整的痕迹是
SecureRandom的触发播种完成播种的SecureRandom忽略不可用的加密套件:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA忽略不可用的加密套件:TLS_DHE_RSA_WITH_AES_256_CBC_SHA忽略不可用的加密套件:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA忽略不支持的加密算法套件:TLS_DHE_DSS_WITH_AES_128_CBC_SHA256忽略不支持的加密算法套件:TLS_DHE_DSS_WITH_AES_256_CBC_SHA256忽略不支持的加密算法套件:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256忽略不支持的加密算法套件:TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256忽略不支持的密码套件:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256忽略不支持的加密算法套件:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384忽略不支持的加密算法套件:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384忽略不支持的加密算法套件:TLS_RSA_WITH_AES_256_CBC_SHA256忽略不可用的加密套件:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA忽略不支持的加密算法套件:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256忽略不支持 密码套件:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384忽略不可用的加密套件:TLS_DHE_DSS_WITH_AES_256_CBC_SHA忽略不支持的加密算法套件:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384忽略不支持的加密算法套件:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256忽略不支持的加密算法套件:TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256忽略不可用的加密套件:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA忽略不可用的加密套件:TLS_RSA_WITH_AES_256_CBC_SHA忽略不支持的加密算法套件:TLS_RSA_WITH_AES_128_CBC_SHA256允许不安全的重新协商: false允许传入hello消息:true是初始握手:true是安全重新协商:false %%没有高速缓存的客户端会话 *ClientHello,TLSv1 RandomCookie:GMT:1477593324 bytes = {140,171,214,217,33,165,60,228 ,102,207,88,112,29,40,198,242,159,61,172,89,116,98,7,195,182,144,159,226}会话ID:{}密码套件:[ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS _RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_EMPTY_RENEGOTIATION_INFO_SCSV]压缩方法:{0}扩展elliptic_curves,曲线名称: {secp256r1,sect163k1,sect163r2,secp192r1,secp224r1,sect233k1,sect233r1,sect283k1,sect283r1,secp384r1,sect409k1,sect409r1,secp521r1,sect571k1,sect571r1,secp160k1,secp160r1,secp160r2,sect163r1,secp192k1,sect193r1,sect193r2,secp224k1,sect239k1,secp256k1扩展ec_point_for mats,格式:[uncompressed]扩展server_name,server_name:[host_name:integration.swiggy.com] [写] MD5和SHA1哈希:len = 180 0000:01 00 00 B0 03 01 58 12 49 EC 8C AB D6 D9 21 A5 ...... XI ...... !. 0010:3C E4 66 CF 58 70 1D 28 C6 F2 9F 3D AC 59 74 62 <.f.Xp.(... =.Ytb 0020:07 C3 B6 90 9F E2 00 00 2A C0 09 C0 13 00 2F C0. ....... ..... /.0030:04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 .... 3.2 ......... 0040:0D 00 16 00 13 C0 07 C0 11 00 05 C0 02 C0 0C 00 ............... 0050:04 00 FF 01 00 00 5D 00 0A 00 34 00 32 00 17 00 .. ....] ... 4.2 ... 0060:01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................ 0070:18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................ 0080:11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 .. ............... 0090:0B 00 02 01 00 00 00 00 1B 00 19 00 00 16 69 6E .............. in 00A0:74 65 67 72 61 74 69 6F 6E 2E 73 77 69 67 67 79 tegration.swiggy 00B0:2E 63 6F 6D
.com main,WRITE:TLSv1握手,长度= 180 [原始写入]:长度= 185 0000:16 03 01 00 B4 01 00 00 B0 03 01 58 12 49 EC 8C ........... XI.0010:AB D6 D9 21 A5 3C E4 66 CF 58 70 1D 28 C6 F2 9F ...!.<. f.Xp.(... 0020:3D AC 59 74 62 07 C3 B6 90 9F E2 00 00 2A C0 09 = .Yt b ........*.. 0030:C0 13 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 .../..... 3.2 .... 0040:00 0A C0 03 C0 0D 00 16 00 13 C0 07 C0 11 00 05 ................ 0050:C0 02 C0 0C 00 04 00 FF 01 00 00 5D 00 0A 00 34 .... .......] ... 4 0060:00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2 .............. 0070:00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................ 0080:00 0F 00 10 00 11 00 02
00 12 00 04 00 05 00 14 .. ............... 0090:00 08 00 16 00 0B 00 02 01 00 00 00 00 1B 00 19 ................ 00A0: 00 00 16 69 6E 74 65 67 72 61 74 69 6F 6E 2E 73 ... integration.s00B0:77 69 67 67 79 2E 63 6F 6D wiggy.com线程"main"中的异常javax.net.ssl.SSLHandshakeException:收到致命警报:握手sun_security.ssl.Alerts.getSSLException(Alerts.java:192)的sun_security.ssl.Alerts.getSSLException(Alerts.java:154)sun_security.ssl.SSLSocketImpl.recvAlert( SSLSocketImpl.java:1979)在sun.securi的sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)ty.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)at the sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)at the sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)at org位于org.apache.http.impl.conn的org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)的.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) .defaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java) :380)在org.apache的org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184). org.a上的http.impl.execchain.RetryExec.execute(RetryExec.java:88)位于org.apache.http.impl.client的org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)中的pache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110).在HttpURLConnectionExample.main(HttpURLConnectionExample.java)的HttpURLConnectionExample.sendGet1(HttpURLConnectionExample.java:83)的org.apache.http.impl.client.CloseableHttpClient:107上的CloseableHttpClient.execute(CloseableHttpClient.java:82) :48)at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)at java.lang.在com.intellij.rt.execution.application.AppMain.main(AppMain.java:144)[raw read]:length = 5 0000:15 03 01 00 02
.. ... [原始读取]:长度= 2 0000:02 28.
(主要,READ:TLSv1警报,长度= 2主要,RECV TLSv1警告:致命,handshake_fail ure main,名为closeSocket()main,处理异常:javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure
我尝试了很多东西,但无法弄清楚到底是什么问题.
您的问题是Integration.swiggy.com和Java 7没有共享任何常见的密码套件.启用TLSv1.2无济于事.
您可以从http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html下载Java 7的JCE Unlimited Strength Jurisdiction Policy文件,并替换两个JAR(local_policy.jar) ,JRE的lib/security目录下的US_export_policy.jar)和下载的包中的那些.这将添加额外的(更强大的)密码套件,您应该能够连接而无需对代码进行任何更改或启用TLSv1.2.
作为参考,这里是Java 7(1.7.0_79)中提供的密码套件:
Default Cipher
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
* SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
* SSL_RSA_WITH_RC4_128_MD5
* SSL_RSA_WITH_RC4_128_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_NULL_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_NULL_SHA
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_NULL_SHA
* TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_NULL_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
* TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_RC4_128_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256
以下是使用无限字符串管辖权政策文件后的内容:
Default Cipher
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
* SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
* SSL_RSA_WITH_RC4_128_MD5
* SSL_RSA_WITH_RC4_128_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_NULL_SHA
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_NULL_SHA
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_NULL_SHA
* TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA
TLS_ECDH_anon_WITH_NULL_SHA
TLS_ECDH_anon_WITH_RC4_128_SHA
* TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
TLS_KRB5_EXPORT_WITH_RC4_40_MD5
TLS_KRB5_EXPORT_WITH_RC4_40_SHA
TLS_KRB5_WITH_3DES_EDE_CBC_MD5
TLS_KRB5_WITH_3DES_EDE_CBC_SHA
TLS_KRB5_WITH_DES_CBC_MD5
TLS_KRB5_WITH_DES_CBC_SHA
TLS_KRB5_WITH_RC4_128_MD5
TLS_KRB5_WITH_RC4_128_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256
由integration.swiggy.com提供的密码套件是:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS 256
这些都不在Java 7提供的标准密码集中.但是,最后4个是通过Unlimited Strength Jurisdiction Policy文件添加的.
| 归档时间: |
|
| 查看次数: |
4698 次 |
| 最近记录: |