- Java 双重比较
- java - 比较器与 Apache BeanComparator
- Objective-C 完成 block 导致额外的方法调用?
- database - RESTful URI 是否应该公开数据库主键?
我正在使用以下代码针对远程端点运行本地测试:
URL url = new URL(remoteEndpointUrl);
String encoded = Base64.getEncoder().encodeToString((login + ":"+ password).getBytes("UTF-8")); //Java 8
conn = (HttpURLConnection) url.openConnection();
conn.setRequestProperty("Authorization", "Basic "+encoded);
conn.setRequestMethod("DELETE");
conn.setRequestProperty("Accept", "application/json");
conn.setDoOutput(true);
conn.getResponseCode();
这在我的具有以下 Java 版本的 Mac OS 上完美运行
java version "1.8.0_152"
Java(TM) SE Runtime Environment (build 1.8.0_152-b16)
Java HotSpot(TM) 64-Bit Server VM (build 25.152-b16,
mixed mode)
现在,如果我使用它并在使用 openjdk:8u151
图像(我也是从我的 Mac OS 启动)运行的 docker 容器中运行它,我最终会遇到以下异常:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:203)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:162)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2033)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
显然,我的本地 TLS 默认设置与 docker 容器内的设置之间似乎没有任何区别。这是使用 -Djavax.net.debug=all
运行的调试输出:
本地输出:
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=host_name (0), value=example.com) was replaced with (type=host_name (0), value=example.com)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1541229707 bytes = { 122, 255, 53, 110, 142, 33, 132, 23, 192, 232, 102, 11, 200, 33, 185, 187, 146, 150, 134, 215, 2, 72, 62, 10, 76, 46, 224, 66 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=example.com]
***
[write] MD5 and SHA1 hashes: len = 198
0000: 01 00 00 C2 03 03 5C DD 4D 8B 7A FF 35 6E 8E 21 ......\.M.z.5n.!
0010: 84 17 C0 E8 66 0B C8 21 B9 BB 92 96 86 D7 02 48 ....f..!.......H
0020: 3E 0A 4C 2E E0 42 00 00 3A C0 23 C0 27 00 3C C0 >.L..B..:.#.'.<.
0030: 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04 C0 %.).g.@...../...
0040: 0E 00 33 00 32 C0 2B C0 2F 00 9C C0 2D C0 31 00 ..3.2.+./...-.1.
0050: 9E 00 A2 C0 08 C0 12 00 0A C0 03 C0 0D 00 16 00 ................
0060: 13 00 FF 01 00 00 5F 00 0A 00 16 00 14 00 17 00 ......_.........
0070: 18 00 19 00 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 ................
0080: 16 00 0B 00 02 01 00 00 0D 00 1C 00 1A 06 03 06 ................
0090: 01 05 03 05 01 04 03 04 01 04 02 03 03 03 01 03 ................
00A0: 02 02 03 02 01 02 02 00 00 00 1B 00 19 00 00 16 ................
00B0: 73 75 6D 69 74 64 65 76 2E 6D 79 73 68 6F 70 69 example.com
00C0: 66 79 2E 63 6F 6D
main, WRITE: TLSv1.2 Handshake, length = 198
[Raw write]: length = 203
0000: 16 03 03 00 C6 01 00 00 C2 03 03 5C DD 4D 8B 7A ...........\.M.z
0010: FF 35 6E 8E 21 84 17 C0 E8 66 0B C8 21 B9 BB 92 .5n.!....f..!...
0020: 96 86 D7 02 48 3E 0A 4C 2E E0 42 00 00 3A C0 23 ....H>.L..B..:.#
0030: C0 27 00 3C C0 25 C0 29 00 67 00 40 C0 09 C0 13 .'.<.%.).g.@....
0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 2B C0 2F 00 9C ./.....3.2.+./..
0050: C0 2D C0 31 00 9E 00 A2 C0 08 C0 12 00 0A C0 03 .-.1............
0060: C0 0D 00 16 00 13 00 FF 01 00 00 5F 00 0A 00 16 ..........._....
0070: 00 14 00 17 00 18 00 19 00 09 00 0A 00 0B 00 0C ................
0080: 00 0D 00 0E 00 16 00 0B 00 02 01 00 00 0D 00 1C ................
0090: 00 1A 06 03 06 01 05 03 05 01 04 03 04 01 04 02 ................
00A0: 03 03 03 01 03 02 02 03 02 01 02 02 00 00 00 1B ................
00B0: 00 19 00 00 16 73 75 6D 69 74 64 65 76 2E 6D 79 .....example.com
[Raw read]: length = 5
0000: 16 03 03 00 57 ....W
[Raw read]: length = 87
0000: 02 00 00 53 03 03 5C DD 4D 8B A2 3C 5D 36 46 82 ...S..\.M..<]6F.
0010: BE 0E 5E DA 23 05 66 D5 1B AE 13 AA 8F 98 12 30 ..^.#.f........0
0020: DF 52 9C 28 AA 7B 20 43 4F 5E 40 8C B4 C4 1E 26 .R.(.. CO^@....&
0030: 4F 5D B8 3D 39 16 D5 56 41 9C B0 F8 D5 F4 2A 55 O].=9..VA.....*U
0040: B3 0A E9 A2 6F 9D 88 C0 2B 00 00 0B FF 01 00 01 ....o...+.......
0050: 00 00 0B 00 02 01 00 .......
main, READ: TLSv1.2 Handshake, length = 87
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1541229707 bytes = { 162, 60, 93, 54, 70, 130, 190, 14, 94, 218, 35, 5, 102, 213, 27, 174, 19, 170, 143, 152, 18, 48, 223, 82, 156, 40, 170, 123 }
Session ID: {67, 79, 94, 64, 140, 180, 196, 30, 38, 79, 93, 184, 61, 57, 22, 213, 86, 65, 156, 176, 248, 213, 244, 42, 85, 179, 10, 233, 162, 111, 157, 136}
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized: [Session-4, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
** TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[read] MD5 and SHA1 hashes: len = 87ere
内部 docker 容器输出:
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Test worker, setSoTimeout(0) called
Test worker, the previous server name in SNI (type=host_name (0), value=example.com) was replaced with (type=host_name (0), value=example.com)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1541242532 bytes = { 118, 119, 70, 101, 0, 69, 160, 231, 254, 159, 164, 222, 99, 67, 81, 99, 102, 20, 11, 71, 1, 162, 231, 238, 141, 93, 75, 42 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=example.com]
***
[write] MD5 and SHA1 hashes: len = 208
0000: 01 00 00 CC 03 03 5C DD 7F A4 76 77 46 65 00 45 ......\...vwFe.E
0010: A0 E7 FE 9F A4 DE 63 43 51 63 66 14 0B 47 01 A2 ......cCQcf..G..
0020: E7 EE 8D 5D 4B 2A 00 00 64 C0 24 C0 28 00 3D C0 ...]K*..d.$.(.=.
0030: 26 C0 2A 00 6B 00 6A C0 0A C0 14 00 35 C0 05 C0 &.*.k.j.....5...
0040: 0F 00 39 00 38 C0 23 C0 27 00 3C C0 25 C0 29 00 ..9.8.#.'.<.%.).
0050: 67 00 40 C0 09 C0 13 00 2F C0 04 C0 0E 00 33 00 g.@...../.....3.
0060: 32 C0 2C C0 2B C0 30 00 9D C0 2E C0 32 00 9F 00 2.,.+.0.....2...
0070: A3 C0 2F 00 9C C0 2D C0 31 00 9E 00 A2 C0 08 C0 ../...-.1.......
0080: 12 00 0A C0 03 C0 0D 00 16 00 13 00 FF 01 00 00 ................
0090: 3F 00 0D 00 1C 00 1A 06 03 06 01 05 03 05 01 04 ?...............
00A0: 03 04 01 04 02 03 03 03 01 03 02 02 03 02 01 02 ................
00B0: 02 00 00 00 1B 00 19 00 00 16 73 75 6D 69 74 64 ..........
00C0: 65 76 2E 6D 79 73 68 6F 70 69 66 79 2E 63 6F 6D example.com
Test worker, WRITE: TLSv1.2 Handshake, length = 208
[Raw write]: length = 213
0000: 16 03 03 00 D0 01 00 00 CC 03 03 5C DD 7F A4 76 ...........\...v
0010: 77 46 65 00 45 A0 E7 FE 9F A4 DE 63 43 51 63 66 wFe.E......cCQcf
0020: 14 0B 47 01 A2 E7 EE 8D 5D 4B 2A 00 00 64 C0 24 ..G.....]K*..d.$
0030: C0 28 00 3D C0 26 C0 2A 00 6B 00 6A C0 0A C0 14 .(.=.&.*.k.j....
0040: 00 35 C0 05 C0 0F 00 39 00 38 C0 23 C0 27 00 3C .5.....9.8.#.'.<
0050: C0 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04 .%.).g.@...../..
0060: C0 0E 00 33 00 32 C0 2C C0 2B C0 30 00 9D C0 2E ...3.2.,.+.0....
0070: C0 32 00 9F 00 A3 C0 2F 00 9C C0 2D C0 31 00 9E .2...../...-.1..
0080: 00 A2 C0 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 ................
0090: 00 FF 01 00 00 3F 00 0D 00 1C 00 1A 06 03 06 01 .....?..........
00A0: 05 03 05 01 04 03 04 01 04 02 03 03 03 01 03 02 ................
00B0: 02 03 02 01 02 02 00 00 00 1B 00 19 00 00 16 73 ...............s
00C0: 75 6D 69 74 64 65 76 2E 6D 79 73 68 6F 70 69 66 example.com
00D0: 79 2E 63 6F 6D
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
Test worker, READ: TLSv1.2 Alert, length = 2
Test worker, RECV TLSv1.2 ALERT: fatal, handshake_failure
Test worker, called closeSocket()
Test worker, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failureere
现在,我尝试根据 https://www.petefreitag.com/item/844.cfm 将安全属性 crypto.policy
设置为 unlimited
这应该可以轻松启用 JCE(Java 加密扩展),我从中获得了领先:https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https但它仍然失败。
我一直在与此作斗争,并且不知道该检查什么,因为两次执行都使用 TLSv1.2
作为 https 协议(protocol),并且都使用相同的密码套件,所以知道为什么它在 docker 中失败了吗?
非常感谢任何帮助,提前致谢
编辑:在我的 Mac 操作系统上使用 -Dcom.sun.net.ssl.enableECC=false
运行
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=host_name (0), value=example.com) was replaced with (type=host_name (0), value=example.com)
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1541432023 bytes = { 91, 55, 180, 242, 51, 13, 227, 239, 109, 218, 210, 217, 65, 181, 16, 146, 251, 182, 30, 23, 156, 83, 207, 5, 80, 0, 133, 88 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=example.com]
***
[write] MD5 and SHA1 hashes: len = 134
0000: 01 00 00 82 03 03 5C E0 63 D7 5B 37 B4 F2 33 0D ......\.c.[7..3.
0010: E3 EF 6D DA D2 D9 41 B5 10 92 FB B6 1E 17 9C 53 ..m...A........S
0020: CF 05 50 00 85 58 00 00 1A 00 3C 00 67 00 40 00 ..P..X....<.g.@.
0030: 2F 00 33 00 32 00 9C 00 9E 00 A2 00 0A 00 16 00 /.3.2...........
0040: 13 00 FF 01 00 00 3F 00 0D 00 1C 00 1A 06 03 06 ......?.........
0050: 01 05 03 05 01 04 03 04 01 04 02 03 03 03 01 03 ................
0060: 02 02 03 02 01 02 02 00 00 00 1B 00 19 00 00 16 ................
0070: 73 75 6D 69 74 64 65 76 2E 6D 79 73 68 6F 70 69 example.com
0080: 66 79 2E 63 6F 6D
main, WRITE: TLSv1.2 Handshake, length = 134
[Raw write]: length = 139
0000: 16 03 03 00 86 01 00 00 82 03 03 5C E0 63 D7 5B ...........\.c.[
0010: 37 B4 F2 33 0D E3 EF 6D DA D2 D9 41 B5 10 92 FB 7..3...m...A....
0020: B6 1E 17 9C 53 CF 05 50 00 85 58 00 00 1A 00 3C ....S..P..X....<
0030: 00 67 00 40 00 2F 00 33 00 32 00 9C 00 9E 00 A2 .g.@./.3.2......
0040: 00 0A 00 16 00 13 00 FF 01 00 00 3F 00 0D 00 1C ...........?....
0050: 00 1A 06 03 06 01 05 03 05 01 04 03 04 01 04 02 ................
0060: 03 03 03 01 03 02 02 03 02 01 02 02 00 00 00 1B ................
0070: 00 19 00 00 16 73 75 6D 69 74 64 65 76 2E 6D 79 .....example.com
0080: 73 68 6F 70 69 66 79 2E 63 6F 6D
[Raw read]: length = 5
0000: 16 03 03 00 51 ....Q
[Raw read]: length = 81
0000: 02 00 00 4D 03 03 5C E0 63 DA 99 74 67 FF 71 48 ...M..\.c..tg.qH
0010: B5 9B 8F 63 A4 06 15 AE 1D E6 1B CA 27 C6 9C 85 ...c........'...
0020: B8 E8 40 03 89 54 20 29 3F 81 6A E8 E4 54 39 D7 ..@..T )?.j..T9.
0030: 5A 95 5B DD 7C 59 18 28 05 C2 49 75 22 2E 69 78 Z.[..Y.(..Iu".ix
0040: E1 1B 11 62 03 62 C0 00 9C 00 00 05 FF 01 00 01 ...b.b..........
0050: 00 .
main, READ: TLSv1.2 Handshake, length = 81
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1541432026 bytes = { 153, 116, 103, 255, 113, 72, 181, 155, 143, 99, 164, 6, 21, 174, 29, 230, 27, 202, 39, 198, 156, 133, 184, 232, 64, 3, 137, 84 }
Session ID: {41, 63, 129, 106, 232, 228, 84, 57, 215, 90, 149, 91, 221, 124, 89, 24, 40, 5, 194, 73, 117, 34, 46, 105, 120, 225, 27, 17, 98, 3, 98, 192}
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-4, TLS_RSA_WITH_AES_128_GCM_SHA256]
** TLS_RSA_WITH_AES_128_GCM_SHA256
[read] MD5 and SHA1 hashes: len = 81
最佳答案
不完全是答案,但我希望它能有所帮助。
在第一种情况下,客户端发送了两个椭圆曲线扩展,但在第二种情况下则没有。我不知道这种不同行为的原因,但这可能以服务器无法继续运行而告终,因为无法找到通用的密码套件。
RFC 4492给出了 2 个理由,你不应该对缺少的扩展有任何问题:
If a server does not understand the Supported Elliptic Curves
Extension, does not understand the Supported Point Formats Extension, or is unable to complete the ECC handshake while restricting itself
to the enumerated curves and point formats, it MUST NOT negotiate the use of an ECC cipher suite. Depending on what other cipher suites
are proposed by the client and supported by the server, this may
result in a fatal handshake failure alert due to the lack of common
cipher suites.
A TLS client that proposes ECC cipher suites in its ClientHello
message SHOULD include these extensions.
这会导致客户端或服务器出现软件错误或安装错误(丢失文件、错误权限等)。
如果您使用 -Dcom.sun.net.ssl.enableECC=false
运行本地测试,会发生什么情况?
您可以比较 jre/lib 中所有目录的内容,以找到可能缺少的内容。
例如,您的 docker 客户端是否包含文件 libsunec.so
?
您端点上的 TLS 服务器是什么?它也被 jetty 化了吗?
至少 Release Notes for JDK 8没有提到任何可以解决的客户端问题。但恰恰相反,它提到了一个 jdk.tls.namedGroups(null)
问题已在 8u131 中解决。 ,错误 JDK-8173783它的重复错误很好地解释了 - JDK-8173960漏洞。这并不能解释为什么您会面临两种不同的行为,但也许它周围有些东西没有被提及(另一个丢失的文件而不是 sunec.jar
在错误中说,导致同样的问题)。从我的角度来看,客户端丢失的文件会导致服务器端错误(也由丢失的文件或简单的软件错误触发)。如果您找到解决方案,请告诉我们。
关于javax.net.ssl.SSLHandshakeException : Received fatal alert: handshake_failure inside docker container,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56190856/
如果数据是从另一台计算机(首先)“发送”的,我如何设置我的套接字例程以“发送”(首先)或(切换)“接收”? 谢谢 通用代码: -(void) TcpClient{ char buffer[12
我正在尝试在代码中使用 Java 8 方法引用。有四种类型的方法引用可用。 静态方法引用。 实例方法(绑定(bind)接收者)。 实例方法(未绑定(bind)接收者)。 构造函数引用。 使用静态方法引
我正在尝试在我的代码中使用 Java 8 方法引用。有四种类型的方法引用可用。 静态方法引用。 实例方法(绑定(bind)接收器)。 实例方法(UnBound 接收器)。 构造函数引用。 使用静态方法
这个问题在这里已经有了答案: X does not implement Y (... method has a pointer receiver) (4 个答案) 关闭 3 年前。 最近在研究Iri
我把这个问题/错误发布到 GIT 官方 channel ,但没有得到任何回应。希望这里有人可以帮助我。 当 receive.denyCurrentBranch 设置为 updateInstead 并且
我正在开发一个新的监控系统,该系统可以测量 Celery 队列吞吐量并在队列备份时帮助提醒团队。在我的工作过程中,我遇到了一些我不理解的奇怪行为(并且在 Celery 规范中没有详细记录)。 出于测试
我正在开发一个新的监控系统,该系统可以测量 Celery 队列吞吐量并在队列备份时帮助提醒团队。在我的工作过程中,我遇到了一些我不理解的奇怪行为(并且在 Celery 规范中没有详细记录)。 出于测试
这个问题在这里已经有了答案: What does this Google Play APK publish error message mean? (17 个答案) 关闭 3 年前。 我为我的应用程
我正在寻找一种解决方案来从我的 child “药物”中获取数据,并使用 ID 从“medication_plan”节点接收特定数据并将它们显示在 Recyclerview 中。 数据库结构: 目前我正
我正在构建 DNN 来预测对象是否存在于图像中。我的网络有两个隐藏层,最后一层看起来像这样: # Output layer W_fc2 = weight_variable([2048, 1])
我有一个模拟销售漏斗的 WF4 服务。它的工作原理是从“注册”接听电话开始。之后,有 10 个类似的阶段(每个阶段包含 2 个接收)。在当前阶段验证接收到的数据之前,您不能前进到一个阶段。但我不确定的
我有一个用 NSubstitute 伪造的对象,它有一个被调用两次的方法。我想验证该方法实际上已被调用两次(且仅调用两次)。我浏览了文档和谷歌,但没有运气。任何帮助,将不胜感激。谢谢。 最佳答案 NS
我在 Windows 上使用 D 编写了一个套接字服务器,现在我想将它移植到 Linux 上。这是代码摘要: /* * this.rawsocks - SocketSet * this.serve
我有一个在 AndroidManifest.xml 中定义了 Receiver 的应用程序,它似乎随机地被禁用,这导致应用程序强制关闭,直到重新安装应用程序。在发生这种情况之前,应用可能会在一天、一周
我正在尝试使用 android 注释库通过两种方式进行广播接收器,但 ide 无法识别此代码中的 @Receiver 或 @ReceiverAction import android.content.
我正在试验 Android 的 LiveData .我只是试图将大量通知推送给观察 LiveData 对象的观察者。我让一个线程在后台运行,在一个 while 循环中,我不断地通过 LiveData
当我运行以下代码时: [Test] public async Task Can_Test_Update() { var response = await _controller.UpdateA
查看 header 时,似乎第二台接收邮件的服务器直到最终 header 中报告的送达日期之后才转发它。 在 c9mailgw11.amadis.com,报告的时间是 22:47:49 -0800
我在这里搜索了几个问题都没有得到答案,所以我会根据我的具体情况询问。 真正简单的接收后 Hook ,它只是 curl 到 Redmine 以强制 Redmine 在提交时更新 repo 的 View
我目前正在尝试 Elixir。我对 Ruby 或函数式编程的经验很少,所以我不太熟悉语法。我在读Learn Elixir in Y minutes其中一个例子让我有点困惑。起初,指南显示了 case
我是一名优秀的程序员,十分优秀!