gpt4 book ai didi

Java 8、TSL v1 和 javax.net.ssl.SSLHandshakeException : Received fatal alert: handshake_failure

转载 作者:搜寻专家 更新时间:2023-11-01 01:50:40 27 4
gpt4 key购买 nike

当我尝试将 Java 8 应用程序连接到 Web 服务时,出现 SSLHandshakeException。

www.ssllabs.com说我 Web 服务不支持 TLSv1.1 和 TSLv1.2。

所以我执行 SSLPoke 时:

java -Djavax.net.debug=all -Djdk.tls.client.protocols="TLSv1" -Dhttps.protocol="TLSv1"  SSLPoke ws.seur.com 443

我得到:

*** ClientHello, TLSv1
RandomCookie: GMT: 1450188882 bytes = { 215, 201, 145, 239, 52, 121, 175, 184, 120, 99, 193, 227, 113, 25, 222, 207, 145, 219, 37, 4, 82, 26, 128, 21, 217, 243, 4, 139 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [type=host_name (0), value=ws.seur.com]
***
[write] MD5 and SHA1 hashes: len = 171
0000: 01 00 00 A7 03 01 56 70 20 52 D7 C9 91 EF 34 79 ......Vp R....4y
0010: AF B8 78 63 C1 E3 71 19 DE CF 91 DB 25 04 52 1A ..xc..q.....%.R.
0020: 80 15 D9 F3 04 8B 00 00 2C C0 0A C0 14 00 35 C0 ........,.....5.
0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00 ..3.2...........
0050: 16 00 13 00 FF 01 00 00 52 00 0A 00 34 00 32 00 ........R...4.2.
0060: 17 00 01 00 03 00 13 00 15 00 06 00 07 00 09 00 ................
0070: 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 ................
0080: 10 00 11 00 02 00 12 00 04 00 05 00 14 00 08 00 ................
0090: 16 00 0B 00 02 01 00 00 00 00 10 00 0E 00 00 0B ................
00A0: 77 73 2E 73 65 75 72 2E 63 6F 6D ws.seur.com
main, WRITE: TLSv1 Handshake, length = 171
[Raw write]: length = 176
0000: 16 03 01 00 AB 01 00 00 A7 03 01 56 70 20 52 D7 ...........Vp R.
0010: C9 91 EF 34 79 AF B8 78 63 C1 E3 71 19 DE CF 91 ...4y..xc..q....
0020: DB 25 04 52 1A 80 15 D9 F3 04 8B 00 00 2C C0 0A .%.R.........,..
0030: C0 14 00 35 C0 05 C0 0F 00 39 00 38 C0 09 C0 13 ...5.....9.8....
0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 08 C0 12 00 0A ./.....3.2......
0050: C0 03 C0 0D 00 16 00 13 00 FF 01 00 00 52 00 0A .............R..
0060: 00 34 00 32 00 17 00 01 00 03 00 13 00 15 00 06 .4.2............
0070: 00 07 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D ................
0080: 00 0E 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 ................
0090: 00 14 00 08 00 16 00 0B 00 02 01 00 00 00 00 10 ................
00A0: 00 0E 00 00 0B 77 73 2E 73 65 75 72 2E 63 6F 6D .....ws.seur.com
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
at SSLPoke.main(SSLPoke.java:31)

如果我强制使用 TLSv1,为什么会收到 RECV TLSv1.2 ALERT: fatal, handshake_failure?

在 Java 7 上它工作正常但 Java 8 不工作。

最佳答案

如用户 1516873 的 answer 所示,客户端(Java 8u51 或更高版本)和服务器(ws.seur.com)不支持通用密码套件。 Java 8 更新 51 removed support for RC4 ciphers默认情况下在客户端中,因为 RC4 被认为是弱的和受损的。

Area: security-libs/javax.net.ssl Synopsis: Prohibit RC4 cipher suites

RC4 is now considered as a compromised cipher. RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods.

See JDK-8077109 (not public).

虽然最好的做法是联系 Web 服务提供商并让他们更新他们的 TLS 配置,但发行说明中描述了在客户端中启用 RC4 的解决方法。但是请注意,出于某种原因删除了对 RC4 的支持,并且通过重新启用它,您会将客户端的用户暴露在较低的安全标准下。

关于Java 8、TSL v1 和 javax.net.ssl.SSLHandshakeException : Received fatal alert: handshake_failure,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34292351/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com