问题precontext:我在一个现有的库中工作,该库在远程服务器上使用SSL和netty框架.我遇到了SSL/TLS握手错误.错误如下:
javax.net.ssl.SSLProtocolException: java.io.IOException: Unknown named curve: 1.2.840.10045.3.1.1
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1345) ~[na:1.7.0_79]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519) ~[na:1.7.0_79]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:799) ~[na:1.7.0_79]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767) ~[na:1.7.0_79]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_79]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:982) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:908) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:854) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:130) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
at java.lang.Thread.run(Thread.java:745) ~[na:1.7.0_79]
Caused by: javax.net.ssl.SSLProtocolException: java.io.IOException: Unknown named curve: 1.2.840.10045.3.1.1
at sun.security.ssl.HandshakeMessage$CertificateMsg.<init>(HandshakeMessage.java:451) …我正在使用一个远程服务器,该服务器使用Netty通过Netty SSLHandler库通过TLS握手执行客户端身份验证.这个S/O问题提供了一点:使用双向SSL Handake设置Netty(客户端和服务器证书)
现在,我对这个系统的问题是服务器需要一个TrustManager来初始化SSLContext.根据我的观察,这使用了SunJSSE提供程序.现在,在设置此实现之后,我开始使用RSA客户端证书.现在,我无法使用ECC客户端证书,因为SunJSSE无法识别它们(我认为Java SE 7包含SunEC作为提供商.但SunEC是SunJCE实现而不是SunJSSE实现,因此不能用作TrustManager的提供者).那么,我该怎么办呢.我听说Bouncy Castle可以识别这些证书,但我仍然无法实例化BC作为提供者的TrustManager.
编辑:如果没有办法使用TrustManagers,我是否应该只使用BouncyCastle的API而不是netty的库?这似乎关闭了.这是我显示堆栈跟踪的其他S/O问题:客户端ECC SSL证书包含"未知命名曲线"