个人中心
文章发布
退出
作者热门文章
- android - 多次调用 OnPrimaryClipChangedListener
- android - 无法更新 RecyclerView 中的 TextView 字段
- android.database.CursorIndexOutOfBoundsException : Index 0 requested, 光标大小为 0
- android - 使用 AppCompat 时,我们是否需要明确指定其 UI 组件(Spinner、EditText)颜色
58
4
我收到以下错误。不确定是什么原因造成的以及如何解决这个问题。 这发生在使用 Netscalar 进行负载平衡的服务器端。
javax.net.ssl.SSLHandshakeException: Received fatal alert: record_overflow
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:804)
at org.eclipse.jetty.server.HttpConnection.fillRequestBuffer(HttpConnection.java:322)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:231)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:289)
at org.eclipse.jetty.io.ssl.SslConnection$3.succeeded(SslConnection.java:149)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128)
at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:673)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:591)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLException: Received fatal alert: record_overflow
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:653)
试过,openssl s_client -connect HOST:443
CONNECTED(00000003)
---
Certificate chain
0 s:/CN=test.test.com/OU=management:idms.group.822007/O=Test Inc./ST=California/C=US
i:/CN=Test Corporate Server CA 1/OU=Certification Authority/O=Test Inc./C=US
1 s:/CN=Test Corporate Server CA 1/OU=Certification Authority/O=Test Inc./C=US
i:/CN=Test Corporate Root CA/OU=Certification Authority/O=Test Inc./C=US
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGJDCCBQygAwIBAgIICBjpC86GaGwwDQYJKoZIhvcNAQELBQAwajEkMCIGA1UE
AwwbQXBwbGUgQ29ycG9yYXRlIFNlcnZlciBDQSAxMSAwHgYDVQQLDBdDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMC
VVMwHhcNMTkwMTA3MjM1MjE2WhcNMjEwMjA1MjM1MjE2WjCBmzE7MDkGA1UEAwwy
Y2NhZG1pbi11YXQuY3MtYWxsb3lkLmluZy5sYi51c3JubzMuYWNpby5hcHBsZS5j
b20xJTAjBgNVBAsMHG1hbmFnZW1lbnQ6aWRtcy5ncm91cC44MjIwMDcxEzARBgNV
BAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVT
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgAYtLHZPfxkRWNXbpJL
OnaMH2uJWqK8x/ub87SHmTJ6C4lhxRlwFM2Rd1Z6/UF8HTctGfyk+WmXsKQ1FaG6
syekMVjbjMRf98TlcjwkGxrXbtkLOa2zH2jnzed1jW/2U/pFmK3a2LiCYWaSaOYl
h8+kA59KE4fZDNUytOFmDAkAAkUClFEvLvg4OKVKQRqMA0P3vY0iECOtUKP+16m2
bZpncPwgip6J8UpA4qF6R9HPLf5fuAKdhz1TFC5s2ictgMguZYHMhcDvrsBhYy6X
y19Je0V2OHEdNLk+AZzos6I9/6sp5n8k6snWcl4WOTyFJj6Qn7JC6hZuDL7TamFj
DwIDAQABo4ICmjCCApYwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBS2I7Va637r
tvMoHgTQrVyTqaSabTCBgwYIKwYBBQUHAQEEdzB1MDkGCCsGAQUFBzAChi1odHRw
Oi8vY2VydHMuYXBwbGUuY29tL2FwcGxlY29ycHNlcnZlcmNhMS5kZXIwOAYIKwYB
BQUHMAGGLGh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtY29ycHNlcnZlcmNh
MTA0MD0GA1UdEQQ2MDSCMmNjYWRtaW4tdWF0LmNzLWFsbG95ZC5pbmcubGIudXNy
bm8zLmFjaW8uYXBwbGUuY29tMIIBEgYDVR0gBIIBCTCCAQUwggEBBgoqhkiG92Nk
BQ8CMIHyMIGkBggrBgEFBQcCAjCBlwyBlFJlbGlhbmNlIG9uIHRoaXMgY2VydGlm
aWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiBhbnkgYXBw
bGljYWJsZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UgYW5kL29yIGNlcnRp
ZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wSQYIKwYBBQUHAgEWPWh0dHBz
Oi8vY2VydGlmaWNhdGVtYW5hZ2VyLmFwcGxlLmNvbS8jaGVscC9wb2xpY2llcy9j
b3Jwb3JhdGUwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDwGA1UdHwQ1
MDMw\j+pGT/ZYsOqhHHIngas0nm+IWzZgyCp
vDBgPmuVMBCvRv2N02fBXcAahzq3xJ247EhgcB7y2Ub2hFeHx2dFdVmzFTXLkTQB
R/FSBFxpiDueL5ovp8rK5S65rx37yPKix9xUm8FjQeDvzS8+au+lOg==
-----END CERTIFICATE-----
subject=/CN=test.test.com/OU=management:idms.group.822007/O=Test Inc./ST=California/C=US
issuer=/CN=Test Corporate Server CA 1/OU=Certification Authority/O=Test Inc./C=US
---
Acceptable client certificate CA names
/CN=Test Corporate Root CA/OU=Certification Authority/O=Test Inc./C=US
Client Certificate Types: RSA sign, ECDSA sign, DSA sign
Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA384:ECDSA+SHA384:RSA+SHA256:ECDSA+SHA256:RSA+SHA224:ECDS:RSA+SHA1:ECDSA+SHA1:RSA+MD5
Shared Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA384:ECDSA+SHA384:RSA+SHA256:ECDSA+SHA256:RSA+SHA224:ECDS:RSA+SHA1:ECDSA+SHA1
---
SSL handshake has read 2918 bytes and written 330 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES128-GCM-SHA256
Session-ID: 5B211E74689750F234F57C34ED7FE61FCE21CED8EF2E0C8DD7A20B71AE5D6140
Session-ID-ctx:
Master-Key: 1136D67890BCFC70B50CB0D20A96F62A90DDBF59BB4A102FDC3EBF4844C3482DACC31EB37EC92466FBA5927640A17A26
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1547074698
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
最佳答案
如果您使用的是 Java 11 或 12,那么原因可能是 a TLSv1.3 bug in the JDK .
解决方法是禁用 TLSv1.3:
-Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
您也可以try the latest JDK 13 early access查看问题是否已解决。
更新就像 Long Nguyen 所说,这是固定的:
关于java - SSL 握手异常 : Received fatal alert: record_overflow,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54119613/
58
4
0
我收到以下错误。不确定是什么原因造成的以及如何解决这个问题。 这发生在使用 Netscalar 进行负载平衡的服务器端。 javax.net.ssl.SSLHandshakeException: Re
我是一名优秀的程序员,十分优秀!