gpt4 book ai didi

Java SSLHandshakeException "no cipher suites in common"

转载 作者:IT老高 更新时间:2023-10-28 20:42:07 27 4
gpt4 key购买 nike

我正在使用 SSLServerSocket 在我的 openSUSE 服务器上接受客户端连接,但它们都无法连接。我总是得到一个 SSLHandshakeException 说 no cipher suites in common。我已经激活了所有可能的套件,启用了多种协议(protocol),并尝试了最新的 oracle JRE 和 openjdk。此外,我还关注了论坛和其他东西上的其他几篇帖子,并“解锁”了 oracle 的 jre 中的所有密码套件,我更改了 openjdk jre 的设置,如下所示:

已禁用:#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg并启用:security.provider.9=sun.security.ec.SunEC

这就是我初始化 SSLServerSocket 的方式:

    System.setProperty("javax.net.ssl.keyStore", "./keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "nopassword");
java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}

public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}

public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}
};

// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, trustAllCerts, new SecureRandom());
SSLServerSocket ssl = (SSLServerSocket) sc.getServerSocketFactory().createServerSocket(
DownloadFilelist.PORT);
// Got rid of:
//ssl.setEnabledCipherSuites(sc.getServerSocketFactory().getSupportedCipherSuites());
ssl.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"});

// System.out.println(Arrays.toString(ssl.getEnabledCipherSuites()));

s = ssl;
// s = new ServerSocket(DownloadFilelist.PORT);
s.setSoTimeout(TIMEOUT);

问题是我无法找出客户想要什么密码套件,我也无法影响它。我用 -Djavax.net.debug=ssl,handshake 启动程序,结果是 here。有人能找出问题所在吗?

EDIT keystore 是通过以下方式生成的:keytool -genkey -keyalg RSA -keystore ./keystore

这是此页面上的代码,如果有帮助(似乎格式没有弄乱):

trigger seeding of SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
main, setSoTimeout(2000) called
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1361763651 bytes = { 159, 113, 250, 254, 103, 37, 66, 234, 127, 4, 36, 240, 60, 252, 55, 112, 6, 224, 192, 181, 146, 163, 63, 148, 152, 255, 77, 8 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 67
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
RandomCookie: GMT: 1361763767 bytes = { 249, 20, 120, 68, 76, 110, 168, 235, 47, 91, 119, 64, 151, 242, 169, 191, 111, 105, 146, 90, 173, 223, 55, 127, 133, 12, 1, 247 }
Session ID: {246, 66, 250, 209, 13, 188, 190, 246, 14, 49, 113, 183, 192, 202, 68, 246, 121, 162, 165, 71, 242, 220, 233, 223, 245, 47, 250, 215, 203, 94, 255, 148}
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
** TLS_RSA_WITH_AES_256_CBC_SHA
main, READ: TLSv1 Handshake, length = 933
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=dc.hadiko.de, O=hadiko dc, L=town, ST=land of the free, C=de
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 22613010171436639614880560956464961031555258188367451246658444583390999370970098210909007150132692078653881042731046316239498513359691936582885343174669796075601988313858262934995935649363223919652108615287224220030023261629874169998331654587246748976585212101810697310529416436829153514374554242128947092694064999520197281527578067183301918060451970607703466399571245107774569719996572643148013190800713656468629158991997127544540177983174906099325217344868710319256330960086862269228933938482311029685238274537823670267001618579382801319470736924423550865055775144486750164961588873175599114046362924859400297960451
public exponent: 65537
Validity: [From: Sat Jul 07 12:56:23 CEST 2012,
To: Tue Jul 07 12:56:23 CEST 2015]
Issuer: CN=dc.hadiko.de, O=hadiko dc, L=town, ST=land of the free, C=de
SerialNumber: [ 8682354f f94fbbb5]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 43 1D D9 A7 CF 21 2E 17 F3 4E EE F6 6C 6C 88 16 C....!...N..ll..
0010: 08 3C 67 8E .<g.
]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 43 1D D9 A7 CF 21 2E 17 F3 4E EE F6 6C 6C 88 16 C....!...N..ll..
0010: 08 3C 67 8E .<g.
]
]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 14 83 48 D3 EC 39 49 E3 9C BC 20 F5 BF E4 32 33 ..H..9I... ...23
0010: 5F 09 8F 2D F2 C3 82 80 79 93 9A C1 97 93 92 D9 _..-....y.......
0020: D0 DA 4D B2 FC A1 43 60 1F B9 EA 4C 29 D7 79 D0 ..M...C`...L).y.
0030: 66 8C 25 14 EB 9D 60 94 D7 F4 15 33 8B 17 24 24 f.%...`....3..$$
0040: 5C 65 26 3D C3 B0 8A 51 B6 27 01 D1 A6 A3 68 87 \e&=...Q.'....h.
0050: 2D 6F 0B E6 00 96 B6 CF BC E9 D2 9C 7E 19 9E E1 -o..............
0060: 3A 96 42 2E B7 E8 C0 70 01 99 20 39 89 6D 94 2B :.B....p.. 9.m.+
0070: 76 2F F1 0E 6D 2D 9B 52 77 D3 63 6A 11 DC A3 E6 v/..m-.Rw.cj....
0080: 4E 0E 64 6D FA 77 BC 1E 4F C3 91 AD 21 F7 5D 31 N.dm.w..O...!.]1
0090: F9 04 A5 FA 34 EF 43 61 F1 42 32 5A 9B D1 16 84 ....4.Ca.B2Z....
00A0: 07 2B CA 01 AF 84 54 D2 A9 C4 3A 7A EA D1 2A 95 .+....T...:z..*.
00B0: 47 30 03 BA 48 C4 57 1F 78 58 6C 7A 56 60 40 2C G0..H.W.xXlzV`@,
00C0: 6A 17 15 3F 43 A5 FB 81 4D 9D 1B DC A7 CE 78 D1 j..?C...M.....x.
00D0: 5A 66 97 79 04 55 DA 34 3C B2 CD 9A 62 EE 32 22 Zf.y.U.4<...b.2"
00E0: 70 84 0E 3E 5D 7F 91 0D A5 D4 84 6B F3 E9 40 E9 p..>]......k..@.
00F0: E8 69 D7 E5 FC B6 0A 4C 35 66 CC BA E5 38 12 A0 .i.....L5f...8..

]
***
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 59 D3 0F F9 95 E8 DC E2 C2 4A 2B 93 79 55 ..Y........J+.yU
0010: 0B 1A 43 5E F4 0A 73 F1 13 E1 00 DF 78 55 F6 52 ..C^..s.....xU.R
0020: 4E 6A D3 2C F8 08 A1 B3 03 DF C9 5E 8C 14 8D 4E Nj.,.......^...N
CONNECTION KEYGEN:
Client Nonce:
0000: 51 2B DD 43 9F 71 FA FE 67 25 42 EA 7F 04 24 F0 Q+.C.q..g%B...$.
0010: 3C FC 37 70 06 E0 C0 B5 92 A3 3F 94 98 FF 4D 08 <.7p......?...M.
Server Nonce:
0000: 51 2B DE B7 F9 14 78 44 4C 6E A8 EB 2F 5B 77 40 Q+....xDLn../[w@
0010: 97 F2 A9 BF 6F 69 92 5A AD DF 37 7F 85 0C 01 F7 ....oi.Z..7.....
Master Secret:
0000: 3E 9E 24 42 3D E4 82 AF AD 97 76 EF 06 EF FB FD >.$B=.....v.....
0010: C8 1A D5 7E 8E A2 74 4D E8 E7 B9 1E 60 E9 E0 6F ......tM....`..o
0020: 09 E3 56 81 FC 2D 20 D9 69 6B 26 C3 0B C5 53 5F ..V..- .ik&...S_
Client MAC write Secret:
0000: 04 30 70 7E A9 4A 1F 88 55 F8 31 31 75 36 40 35 .0p..J..U.11u6@5
0010: 25 65 24 5D %e$]
Server MAC write Secret:
0000: 8B C1 65 50 6D 11 21 32 CD 50 3A AB 0F 2E A5 FC ..ePm.!2.P:.....
0010: C7 30 E6 EC .0..
Client write key:
0000: 25 D7 96 B0 9A 1F 49 95 06 4D 05 36 2E D0 38 04 %.....I..M.6..8.
0010: 0F 32 15 2E 8F 0A 6C 79 F8 ED E8 9B FE 5C 2C D8 .2....ly.....\,.
Server write key:
0000: 4A 91 5D DF B2 FE 6F 35 3E 8A 21 DF 17 E0 35 F0 J.]...o5>.!...5.
0010: DB 97 4C 7E 18 07 7E 27 DD AD BC C4 C4 28 C5 E1 ..L....'.....(..
Client write IV:
0000: B6 C1 98 05 9B 37 F9 0F 4E 0C 0F 6E 08 8A 26 C9 .....7..N..n..&.
Server write IV:
0000: 0E 83 27 3E 3B 40 E8 BE 4C 58 C4 5F EF E4 D3 4C ..'>;@..LX._...L
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 23, 181, 134, 191, 68, 30, 119, 81, 239, 135, 238, 80 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data: { 254, 182, 228, 50, 121, 214, 35, 175, 100, 128, 102, 152 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
main, WRITE: TLSv1 Application Data, length = 48
HSent: HSUP ADBASE ADTIGR ADBLOM
main, READ: TLSv1 Application Data, length = 32
main, READ: TLSv1 Application Data, length = 48
main, READ: TLSv1 Application Data, length = 32
main, READ: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 288
ClientManager, READ: TLSv1 Application Data, length = 32
ClientManager, READ: TLSv1 Application Data, length = 96

[...] (Cut out becauseI exceeded body limit.)

ClientManager, READ: TLSv1 Application Data, length = 80
ClientManager, READ: TLSv1 Application Data, length = 32
ClientManager, READ: TLSv1 Application Data, length = 80
main, WRITE: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 64
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
A client, READ: SSLv3 Handshake, length = 112
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1361763651 bytes = { 47, 7, 95, 146, 25, 28, 95, 191, 146, 159, 184, 47, 149, 220, 67, 169, 121, 123, 252, 98, 0, 253, 108, 88, 108, 188, 52, 76 }
Session ID: {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension signature_algorithms, signature_algorithms: Unknown (hash:0x4, signature:0x2), SHA256withRSA, SHA1withRSA, SHA1withDSA
***
%% Initialized: [Session-2, SSL_NULL_WITH_NULL_NULL]
%% Invalidated: [Session-2, SSL_NULL_WITH_NULL_NULL]
A client, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
A client, WRITE: TLSv1.2 Alert, length = 2
A client, called closeSocket()
A client, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

输出包含一个连接到另一台工作的服务器,然后连接到我的服务器。我无法删除另一个连接,因为我正在获取有关如何通过此连接进行连接的信息。如果可能的话,我可以在第一次连接后启用调试,但我不知道如何......

我删除了所有不相关的输出(我创建的输出)。

更新:

我什至无法连接到自己。当我在同一个应用程序中创建一个 SSLServerSocket 和一个 SSLSocket 以连接到它时,我得到了同样的错误。但是当我比较启用的密码套件列表时,两个套接字都支持一堆套件。我已经在带有最新 JDK 的 Windows 7 64bit 上进行了测试。

更新:

我刚刚使用教程从头开始我的程序的服务器部分,并且神奇地工作了......我不知道为什么,但似乎我应该尽可能多地使用标准实现。我将声望归功于布鲁诺,因为他在自己的岗位上付出了最大的努力。

最佳答案

您正在使用 null KeyManager 数组初始化您的 SSLContext

key 管理器负责处理服务器证书(在服务器端),这可能是您在使用 javax.net.ssl.keyStore 时要设置的内容。

但是,如 JSSE Reference Guide 中所述, 使用 null 作为第一个参数并没有像你想象的那样做:

If the KeyManager[] parameter is null, then an empty KeyManager will be defined for this context. If the TrustManager[] parameter is null, the installed security providers will be searched for the highest-priority implementation of the TrustManagerFactory, from which an appropriate TrustManager will be obtained. Likewise, the SecureRandom parameter may be null, in which case a default implementation will be used.

一个空的 KeyManager 不包含任何 RSA 或 DSA 证书。因此,将禁用依赖此类证书的所有默认密码套件。这就是为什么您会收到所有这些“忽略不可用的密码套件”消息,最终导致“没有共同的密码套件”消息。

如果您希望将 keystore 用作 keystore ,则需要加载它并使用它初始化 KeyManagerFactory:

    KeyStore ks = KeyStore.getInstance("JKS");
InputStream ksIs = new FileInputStream("...");
try {
ks.load(ksIs, "password".toCharArray());
} finally {
if (ksIs != null) {
ksIs.close();
}
}

KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
.getDefaultAlgorithm());
kmf.init(ks, "keypassword".toCharArray());

使用kmf.getKeyManagers()作为SSLContext.init()的第一个参数。

对于其他两个参数,由于您显然没有请求客户端证书身份验证,因此您应该将信任管理器保留为其默认值 (null),而不是复制/粘贴一个信任管理器一个潜在的漏洞原因,您也可以使用默认的 null SecureRandom

关于Java SSLHandshakeException "no cipher suites in common",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15076820/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com