我有授权SSL连接的问题.我创建了Struts Action,它通过Client Authorized SSL证书连接到外部服务器.在我的行动中我试图将一些数据发送到银行服务器但没有任何运气,因为我从服务器得到以下错误的结果:
error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
我的Action类从我的Action类发送数据到服务器
//Getting external IP from host
URL whatismyip = new URL("http://automation.whatismyip.com/n09230945.asp");
BufferedReader inIP = new BufferedReader(new InputStreamReader(whatismyip.openStream()));
String IPStr = inIP.readLine(); //IP as a String
Merchant merchant;
System.out.println("amount: " + amount + ", currency: " + currency + ", clientIp: " + IPStr + ", description: " + description);
try {
merchant = new Merchant(context.getRealPath("/") + "merchant.properties");
} catch (ConfigurationException e) {
Logger.getLogger(HomeAction.class.getName()).log(Level.INFO, "message", e);
System.err.println("error: " + e.getMessage());
return …我正在使用Java 6,并尝试HttpsURLConnection使用客户端证书创建针对远程服务器.
服务器使用自签名根证书,并要求提供受密码保护的客户端证书.我已将服务器根证书和客户端证书添加到我在/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/security/cacerts(OSX 10.5)中找到的默认java密钥库中.密钥库文件的名称似乎表明客户端证书不应该进入那里?
无论如何,将根证书添加到这个商店解决了臭名昭着的问题 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed' problem.
但是,我现在仍然坚持如何使用客户端证书.我尝试了两种方法,并没有让我到任何地方.
首先,首选,尝试:
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
URL url = new URL("https://somehost.dk:3049");
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);
InputStream inputstream = conn.getInputStream();
// The last line fails, and gives:
// javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
我试过跳过HttpsURLConnection类(不理想,因为我想与服务器谈论HTTP),而是这样做:
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("somehost.dk", 3049);
InputStream inputstream = sslsocket.getInputStream();
// do anything with the inputstream results in:
// java.net.SocketTimeoutException: Read timed out
我甚至不确定客户端证书是否存在问题.
我与VPN连接以设置库存API以获取产品列表,它工作正常.一旦我从Web服务获得结果并且我绑定到UI.此外,当我拨打电话付款时,我还将PayPal与我的应用程序集成,以便快速结账.我遇到了这个错误.我使用servlet进行后端处理.任何人都可以说如何解决这个问题?
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
我试图在android中运行以下代码
URLConnection l_connection = null;
// Create connection
uzip=new UnZipData(mContext);
l_url = new URL(serverurl);
if ("https".equals(l_url.getProtocol())) {
System.out.println("<<<<<<<<<<<<< Before TLS >>>>>>>>>>>>");
sslcontext = SSLContext.getInstance("TLS");
System.out.println("<<<<<<<<<<<<< After TLS >>>>>>>>>>>>");
sslcontext.init(null,
new TrustManager[] { new CustomTrustManager()},
new java.security.SecureRandom());
HttpsURLConnection
.setDefaultHostnameVerifier(new CustomHostnameVerifier());
HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext
.getSocketFactory());
l_connection = (HttpsURLConnection) l_url.openConnection();
((HttpsURLConnection) l_connection).setRequestMethod("POST");
} else {
l_connection = (HttpURLConnection) l_url.openConnection();
((HttpURLConnection) l_connection).setRequestMethod("POST");
}
/*System.setProperty("http.agent", "Android_Phone");*/
l_connection.setConnectTimeout(10000);
l_connection.setRequestProperty("Content-Language", "en-US");
l_connection.setUseCaches(false);
l_connection.setDoInput(true);
l_connection.setDoOutput(true);
System.out.println("<<<<<<<<<<<<< Before Connection >>>>>>>>>>>>");
l_connection.connect();
在l_connection.connect(),它给出了这个SSLhandshakeException.有时候它有效,但大部分时间它都有例外.它只发生在Android 4.0模拟器上.我在Android 4.4和5.0上测试过,它运行正常.可能是什么原因造成的?请帮忙
堆栈跟踪
04-28 15:51:13.143: W/System.err(2915): javax.net.ssl.SSLHandshakeException: …ssl android sslhandshakeexception android-4.0.3-ice-cream-sandwich
我工作的一个应用程序为其(功率)的用户必须建立自己的服务器(即Nginx的)运行的后台程序.需要在应用程序中配置相应的域才能连接.我一直在测试我自己的手机(索尼z3c)并开始开发5.1.后来我收到了6.0的更新,但仍在模拟器中维护了一个工作5.1.不久前,我开始研究带有7.0图像的AVD,我很惊讶它不会连接到我的服务器,告诉我ssl握手失败了.我的nginx配置非常严格,但它适用于5.1和6.0,所以......?!
这就是我所知道的:
如果没有TLSSocketFactory,则通过裸实请求队列进行请求,实例化为Volley.newRequestQueue(context).
这是我在android studio中看到的:
W/System.err: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: Connection closed by peer
W/System.err: at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:151)
W/System.err: at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:112)
W/System.err: Caused by: javax.net.ssl.SSLHandshakeException: Connection closed by peer
W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
W/System.err: at com.android.okhttp.Connection.connectTls(Connection.java:235)
W/System.err: at com.android.okhttp.Connection.connectSocket(Connection.java:199)
W/System.err: at com.android.okhttp.Connection.connect(Connection.java:172)
W/System.err: at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367)
W/System.err: at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:130)
W/System.err: at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
W/System.err: at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)
W/System.err: at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:457)
W/System.err: at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:126)
W/System.err: at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:257)
W/System.err: at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
W/System.err: …ssl android elliptic-curve sslhandshakeexception android-7.0-nougat
我正在使用SSLServerSocket接受我的openSUSE服务器上的客户端连接,但它们都不能连接.我总是得到一个SSLHandshakeException说no cipher suites in common.我已经激活了所有可能的套件,启用了多个协议,尝试使用最新的oracle JRE和openjdk.我还在论坛和东西上关注了其他几个帖子并"解锁"了oracle jre中的所有密码套件,我改变了openjdk jre的设置,如下所示:
已禁用:已#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
启用:security.provider.9=sun.security.ec.SunEC
这是我初始化SSLServerSocket的方式:
System.setProperty("javax.net.ssl.keyStore", "./keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "nopassword");
java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}
};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, trustAllCerts, new …在我的应用程序中,我试图向我的服务器发出 HTTPS POST 请求。但是,我一直收到 SSLHandshakeException - 链验证失败。我尝试使用 POSTMAN 发送请求,但收到了服务器的响应。当我尝试从应用程序发送请求时,什么可能导致此错误?
这是我尝试发送发布请求的代码片段:
public static JSONObject getDataLibConfiguration(Context context) throws HttpRequestException {
int statusCode = 0;
JSONObject commonInformation;
HttpsURLConnection connection = null;
try {
commonInformation = ConfigurationProcessor.getCommonInformation(context);
if (commonInformation == null) {
return null;
}
URL url = new URL(BuildConfig.SERVER_CONFIG_URL);
if (BuildConfig.DEBUG) {
LogUtils.d(TAG, "url = " + url.getPath());
}
connection = getHttpsConnection(url);
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
connection.setRequestProperty("Content-Encoding", "gzip");
byte[] gzipped = HttpUtils.gzip(commonInformation.toString());
cos = new CountingOutputStream(connection.getOutputStream()); //<-- This is where I …我看到运行Java 6的客户端的SSL连接失败,例外情况如下:
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:882)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
... 35 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:462)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
... 41 more
该服务器是一个基于Tomcat 7的应用程序,在Java 7,Linux和Amazon EC2上运行,这是值得的.
我已经找到了很多关于可能的casues的建议,包括意外连接到非SSL端口等等.我相信我已经完全排除了这一点,主要是因为完全相同的客户端在运行Java 7时没有任何变化.(两种情况下都是OS X.)
下面我将介绍Java 6的调试输出和Java 7的SSL连接过程.我向专家提出的问题是,这是否表明可以在Java 6中启用一些可能的密码或协议设置(可能是Java 7中的默认设置)以使其工作?
Java 6:
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No …我正在尝试使用HttpsUrlConnection类向服务器发送请求.服务器有证书问题,所以我设置了一个信任所有东西的TrustManager,以及一个同样宽松的主机名验证器.当我直接提出请求时,这个管理器工作得很好,但是当我通过代理发送请求时似乎根本没有使用它.
我设置我的代理设置如下:
Properties systemProperties = System.getProperties();
systemProperties.setProperty( "http.proxyHost", "proxyserver" );
systemProperties.setProperty( "http.proxyPort", "8080" );
systemProperties.setProperty( "https.proxyHost", "proxyserver" );
systemProperties.setProperty( "https.proxyPort", "8080" );
默认SSLSocketFactory的TrustManager设置如下:
SSLContext sslContext = SSLContext.getInstance( "SSL" );
// set up a TrustManager that trusts everything
sslContext.init( null, new TrustManager[]
{
new X509TrustManager()
{
public X509Certificate[] getAcceptedIssuers()
{
return null;
}
public void checkClientTrusted( X509Certificate[] certs, String authType )
{
// everything is trusted
}
public void checkServerTrusted( X509Certificate[] certs, String authType )
{
// everything is trusted
} …我正在尝试与trackobot.com建立连接以接收一些JSON数据.服务器仅允许通过HTTPS/SSL进行连接.这是代码:
java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");
URL url = new URL("https://trackobot.com/profile/history.json?username=USER&token=TOCKEN");
InputStream is = url.openStream();
JsonParser parser = Json.createParser(is);
openSteam抛出javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure
我阅读了几篇与类似问题相关的帖子,但没有一个建议有帮助.相应的证书在我的信任库中.当我尝试连接到例如google.com时,没有错误.所以,问题似乎是在我试图连接的服务器的握手特定中.
我使用-Djavax.net.debug = ssl运行我的代码返回:
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: /Library/Java/JavaVirtualMachines/jdk1.8.0_25.jdk/Contents/Home/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
[Here I removed hundreds of „adding as trusted cert“:… lines]
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: …